mounirrquiba

1 exploit Active since Feb 2014
CVE-2014-1459 WRITEUP WRITEUP
doorGets CMS <= 5.2 - Authenticated SQL Injection via _position_down_id Parameter
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.