BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist


Flo CMS SQL Injection

Disclosed September 3, 2013

Zeroday: 394 days

Vulnerability Description:

Flo CMS does not sanitize input in the “archivem” GET parameter, which may allow an attacker to arbitrarily execute SQL queries on the CMS.

Vendors:

Flo Web Design Ltd.

Vulnerable Software/Devices:

Flo CMS 3.2 and possibly earlier versions

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

SQL Injection
Flo CMS does not properly sanitize input via the GET parameter "archivem", which allows a remote attacker to arbitrarily execute SQL queries in the CMS.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 30386 - Flo CMS SQL Injection (20130905) (Zero-Day)
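
Alongside scanner-based detection, web server access logs can be reviewed for requests that carry unexpected "archivem" values. The following is an added example, not code from BeyondTrust or Flo Web Design; the `/news.php` path, the log format (common/combined) and the allow-list of legitimate values are assumptions to adjust for the actual site.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate "archivem" values are short alphanumeric tokens.
# Adjust ALLOWED to match what the Flo CMS site actually sends.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Request line inside a common/combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def suspicious_archivem(log_lines):
    """Return (client_ip, decoded_value) for every request whose archivem
    parameter falls outside the allow-list."""
    hits = []
    for line in log_lines:
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs URL-decodes values; keep_blank_values so "archivem=" is seen.
        params = parse_qs(query, keep_blank_values=True)
        for value in params.get("archivem", []):
            if not ALLOWED.fullmatch(value):
                hits.append((line.split(" ", 1)[0], value))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical path).
SAMPLE = [
    '192.0.2.10 - - [05/Sep/2013:10:00:01 +0000] '
    '"GET /news.php?archivem=08 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/Sep/2013:10:00:09 +0000] '
    '"GET /news.php?archivem=08%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 20480',
    '198.51.100.7 - - [05/Sep/2013:10:00:12 +0000] '
    '"GET /news.php?id=4&archivem=1+UNION+SELECT+1 HTTP/1.1" 500 312',
    '203.0.113.5 - - [05/Sep/2013:10:01:00 +0000] '
    '"GET /index.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, value in suspicious_archivem(SAMPLE):
        print(f"{ip} archivem={value!r}")
```

The same allow-list can be enforced as a web server or WAF rule in front of the CMS while no vendor fix exists.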

Mitigation:

No mitigation currently available.

Links:

CVE(s):

None