The exploit demonstrates SQL injection in TAGWORX.CMS via unsanitized input in the 'cid' and 'pid' parameters in gallery.php. The provided URLs show how an attacker can inject malicious SQL queries to manipulate the database.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:TAGWORX.CMS
No auth needed
Prerequisites:Access to the vulnerable gallery.php endpoint