HTTP: SyndeoCMS SQL Injection Vulnerability

This signature detects attempts to exploit a known SQL injection vulnerability in the SyndeoCMS content manager. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.

Extended Description

SyndeoCMS is prone to multiple cross-site scripting vulnerabilities and an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. SyndeoCMS 2.8.02 is vulnerable; other versions may also be affected.

Affected Products

Syndeocms syndeocms

References

BugTraq: 47018

URL: http://www.syndeocms.org/

Short Name
HTTP:SQL:INJ:SYNDEO-CMS-USRNAME
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Injection SQL SyndeoCMS Vulnerability bid:47018
Release Date
03/31/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Syndeocms
