Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
[RT-SA-2014-005] SQL Injection in webEdition CMS File Browser Installer Script
May 28 2014 03:04PM
RedTeam Pentesting GmbH (release redteam-pentesting de)
Advisory: SQL Injection in webEdition CMS File Browser
RedTeam Pentesting discovered an SQL injection vulnerability in the file
browser component of webEdition CMS during a penetration test.
Unauthenticated attackers can get read-only access on the SQL database
used by webEdition and read for examp...
[ more ]
Copyright 2010, SecurityFocus