SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability

Title: SetSeed CMS 5.8.20 (loggedInUser) Remote SQL Injection Vulnerability
Advisory ID: ZSL-2011-5053
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (3/5)
Release Date: 02.11.2011
Summary
SetSeed is a self-hosted CMS which lets you rapidly build and deploy complete websites and online stores for your clients.
Description
SetSeed CMS is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the vulnerable script using the cookie input 'loggedInUser', which could allow the attacker to view, add, modify or delete information in the back-end database.
Vendor
SetSeed - http://www.setseed.com
Affected Version
5.8.20
Tested On
Microsoft Windows XP Pro SP3 (EN)
Apache 2.2.21
MySQL 5.5.16
PHP 5.3.8
Vendor Status
[04.11.2011] Vendor releases version 5.11.2 which does not affect this vulnerability.
PoC
setseed_sqli.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/18065/
[2] http://www.securityfocus.com/bid/50498
[3] http://packetstormsecurity.org/files/106527/ZSL-2011-5053.txt
[4] http://securityreason.com/wlb_show/WLB-2011110012
[5] http://secunia.com/advisories/46674/
[6] http://osvdb.org/show/osvdb/76801
[7] http://xforce.iss.net/xforce/xfdb/71128
[8] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-5116
Changelog
[02.11.2011] - Initial release
[03.11.2011] - Added reference [2], [3], [4] and [5]
[04.11.2011] - Added reference [6] and [7]
[04.11.2011] - Added vendor status.
[24.11.2012] - Added reference [8]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk