top of page

Sentence 3

A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.



  • Exploit mechanism: SQL injection

  • Exploit objective: execute arbitrary SQL commands

  • Attack pathway: id parameter to mesdocs.ajax.php, authenticated attacker



  • Exploit mechanism: SQL injection vulnerability

  • Exploit objective: gain access to sensitive information stored in the database, such as user credentials and other confidential data

  • Attack pathway: authenticated attacker

bottom of page