SQL Injection Vulnerability in InstantCMS by InstantSoft
CVE-2013-6839

Currently unrated

Key Information:

Vendor

Instantsoft

Status
Instantcms
Vendor
CVE Published:
13 December 2013

What is CVE-2013-6839?

A SQL injection vulnerability exists in InstantSoft's InstantCMS version 1.10.3 and earlier, allowing remote attackers to manipulate SQL queries by entering malicious input via the 'orderby' parameter in the catalog endpoint. This exploitation could lead to unauthorized access to the database, enabling attackers to execute arbitrary SQL commands and compromise the integrity of the web application. It is crucial for users of affected versions to apply security updates promptly to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://secunia.com/advisories/56041
third-party-advisoryx_refsource_SECUNIA
http://www.instantcms.ru/novosti/security-update-1-10-3.html
x_refsource_CONFIRM
https://www.htbridge.com/advisory/HTB23185
x_refsource_MISC

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.