Primary

Context

XATABoost CMS SQL Injection Vulnerability

Vulnerability

A union-based SQL injection vulnerability has been identified in XATABoost CMS version 1.0.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to 'news.php' with malicious 'id' values to extract sensitive information from the database.

Impact

Exploitation of this vulnerability allows for union-based SQL injection, where an attacker can manipulate SQL queries to extract or potentially modify database information.

Reproduction

To reproduce this vulnerability, send a GET request to 'news.php' with a crafted 'id' parameter that includes SQL injection payloads. The injection point can be exploited by manipulating the SQL query handling of the application.

Added: Apr 29, 2026, 8:36 PM

Updated: Apr 29, 2026, 8:36 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

6.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

8.7

remediation

0.0

relevance

6.8

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

XATABoost CMS SQL Injection Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating