The exploit demonstrates multiple vulnerabilities in Cotonti CMS v0.9.4, including SQL injection (SQLi), cross-site scripting (XSS), and path disclosure. The PoC provides specific HTTP requests to trigger these vulnerabilities, with clear evidence of SQL errors and injection points.
Classification
Working PoC 90%
Attack Type
SQLi | XSS | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Cotonti CMS v0.9.4
No auth needed
Prerequisites: Access to the target web application