drew-byte/SiempreCMS-SQLi-POC
GitHub
Releases0
The user_search_ajax.php file is vulnerable to SQL injection due to improper handling of user-supplied input. User inputs are passed directly to the database query without proper parameterization or prepared statements.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 7.3 HIGH | 7.5 HIGH | ||
A vulnerability was determined in SiempreCMS up to 1.3.6. This affects an unknown part of the file user_search_ajax.php. This manipulation of the argument name/userName causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||