SQL injection vulnerabilities in zerocms <= v.1.3.3

Posted by Steffen Rösemann on Feb 01

Advisory: SQL injection vulnerabilities in zerocms <= v.1.3.3
Advisory ID: SROEADV-2015-13
Author: Steffen Rösemann
Affected Software: zerocms <= v.1.3.3 (released 23rd-Jan-2015)
Vendor URL: http://aas9.in/zerocms/
Vendor Status: platform will be moving to Rails4
CVE-ID: –

==========================
Vulnerability Description:
==========================

Content management system Zerocms v. 1.3.3 suffers from SQL injection
vulnerabilities….

Leave a Reply