thejshen Globitek CMS SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in thejshen Globitek CMS version 1.4. This vulnerability allows attackers to manipulate database queries through the 'id' GET parameter. Exploitation of this issue could lead to unauthorized data extraction or modification. The vulnerability arises from improper neutralization of special elements used in SQL commands, commonly known as SQL injection.
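The root cause and its fix, as an added example that is not Globitek CMS code: the 'id' value is first concatenated into the query text, then validated and bound as a parameter. The `items` table, the function names and the use of in-memory SQLite as a stand-in for the CMS database are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; the real Globitek CMS schema is not shown on this page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)",
                   [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return db


def lookup_vulnerable(db, raw_id):
    # 'Before': the raw GET value becomes part of the SQL text, so any
    # operators or keywords it contains are parsed as SQL, not as data.
    return db.execute("SELECT id, name FROM items WHERE id = " + raw_id).fetchall()


def parse_id(raw_id):
    # Allow-list validation: ASCII digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)


def lookup_bound_only(db, raw_id):
    # Parameter binding alone: the whole string is compared as one value,
    # so it can never change the structure of the statement.
    return db.execute("SELECT id, name FROM items WHERE id = ?", (raw_id,)).fetchall()


def lookup_hardened(db, raw_id):
    # 'After': reject anything that is not an integer, then bind it.
    return db.execute("SELECT id, name FROM items WHERE id = ?",
                      (parse_id(raw_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed input: changes the WHERE clause when concatenated
    print("vulnerable:", lookup_vulnerable(db, tampered))
    print("bound only:", lookup_bound_only(db, tampered))
    try:
        lookup_hardened(db, tampered)
    except ValueError as exc:
        print("hardened: rejected,", exc)
```

Logging the rejected value in `parse_id` gives a cheap detection signal, since a legitimate client never sends a non-numeric id.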

Impact

Exploitation of this vulnerability allows for boolean-based, time-based, and UNION-based SQL injection, enabling attackers to extract or modify database information.

Reproduction

The vulnerability can be reproduced by sending a GET request with a crafted 'id' parameter, using a web browser or a tool like Burp Suite. The injection can be verified with boolean-based blind or UNION-based SQL injection payloads.

Added: Feb 6, 2026, 5:29 PM
Updated: Feb 7, 2026, 12:06 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 6.6
remediation: 0.0
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.