• info
• discussion
• exploit
• solution
• references

Concrete5 'cID' Parameter SQL Injection Vulnerability

An attacker can exploit this issue using a web browser.

The following example URI is available:

http://www.example.com/concrete5.6.2.1/index.php/arHandle=Main&bID=34&btask=passthru&ccm_token=1392630914:be0d09755653afb162d041a33f5feae&cID=[SQL]