top of page
Sentence 3
A SQL injection vulnerability in azurWebEngine in Sita AzurCMS through 1.2.3.12 allows an authenticated attacker to execute arbitrary SQL commands via the id parameter to mesdocs.ajax.php in azurWebEngine/eShop. By default, the query is executed as DBA.
Actual
Tags:
-
Exploit mechanism: SQL injection
-
Exploit objective: execute arbitrary SQL commands
-
Attack pathway: id parameter to mesdocs.ajax.php, authenticated attacker
Predicted
Tags:
-
Exploit mechanism: SQL injection vulnerability
-
Exploit objective: gain access to sensitive information stored in the database, such as user credentials and other confidential data
-
Attack pathway: authenticated attacker
bottom of page