
ZeroCMS 1.0 (article_id) SQL Injection Vulnerability

High
Advisory ID
ZSL-2014-5186
Release Date
09 June 2014
Vendor
Another Awesome Stuff - http://www.aas9.in/zerocms/
Affected Version
1.0
Tested On
Apache/2.4.7 (Win32), PHP/5.5.6, MySQL 5.6.14
Summary

ZeroCMS is a very simple Content Management System built using PHP and MySQL.

Description

Input passed via the 'article_id' GET parameter to the zero_view_article.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
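
A hardened handler for an integer 'article_id' parameter, as an added example that is not ZeroCMS code or part of the original advisory. The `articles` table, its columns and the function names are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not ZeroCMS source. Table, columns and function names are
// hypothetical; in-memory SQLite stands in for MySQL so this runs offline.

function open_demo_db(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE articles (article_id INTEGER PRIMARY KEY, title TEXT)');
    $pdo->exec("INSERT INTO articles VALUES (1, 'Constructed sample row')");
    return $pdo;
}

// Accept only a plain positive decimal integer of up to nine digits.
// Arrays (article_id[]=...), signs, whitespace and trailing text are rejected.
function parse_article_id($raw): ?int {
    if (!is_string($raw) || preg_match('/\A[1-9][0-9]{0,8}\z/', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// A typical form of the flaw the advisory describes is a query assembled by
// concatenating the request value into the SQL string. Here the SQL text is
// fixed and the validated value is bound as an integer instead.
function fetch_article(PDO $pdo, $rawId): ?array {
    $id = parse_article_id($rawId);
    if ($id === null) {
        return null; // caller answers 400/404 without querying the database
    }
    $stmt = $pdo->prepare(
        'SELECT article_id, title FROM articles WHERE article_id = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs; in a page handler the value is $_GET['article_id'] ?? null.
$pdo = open_demo_db();
foreach (['1', '2', '1 trailing text', '-1', ['1']] as $raw) {
    $row = fetch_article($pdo, $raw);
    printf("%-20s => %s\n", json_encode($raw), $row ? $row['title'] : 'no article');
}
```

Validation and parameter binding are applied together: the allow-list check rejects malformed input early, and the bound parameter keeps the value out of the SQL text even if the validation is later loosened.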

Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
09.06.2014 - Initial release
10.06.2014 - Added reference [1], [2] and [3]
11.06.2014 - Added reference [4], [5] and [6]
12.06.2014 - Added reference [7], [8], [9] and [10]
22.06.2014 - Added reference [11]