Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

Flo CMS SQL Injection

Disclosed: September 3, 2013
Zeroday: 730 days

Vulnerability Description:

Flo CMS does not sanitize input in the "archivem" GET parameter, which may allow an attacker to execute arbitrary SQL queries on the CMS.


Vendor:

Flo Web Design Ltd.

Vulnerable Software/Devices:

Flo CMS 3.2 and possibly earlier versions

Vulnerability Severity:


Exploit Availability:

Publicly Available

Exploit Impact:

SQL Injection

Flo CMS does not properly sanitize input passed via the GET parameter "archivem", which allows a remote attacker to execute arbitrary SQL queries in the CMS.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 30386 - Flo CMS SQL Injection (20130905) (Zero-Day)


No mitigation currently available.