This advisory details multiple SQL injection and XSS vulnerabilities in Aoop CMS v0.3.6, including pre-auth and post-auth attack vectors. It provides specific endpoints and payloads but does not include functional exploit code.
Classification
Writeup 100%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target:Aoop CMS v0.3.6
Auth required
Prerequisites:Access to vulnerable endpoints · User interaction for XSS