TheJshen ContentManagementSystem SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in TheJshen ContentManagementSystem version 1.04. This vulnerability allows attackers to manipulate database queries through the 'id' GET parameter. Exploitation can be achieved using boolean-based, time-based, and UNION-based SQL injection techniques, enabling attackers to extract or manipulate database information by crafting malicious query payloads.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or, in some cases, the execution of administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the application with the 'id' GET parameter. The SQL injection can be exploited by using payloads that leverage boolean-based blind, time-based blind, or UNION-based SQL injection techniques. For example, a boolean-based blind injection can be performed by using a payload that includes a SQL injection condition, such as 'id=4' AND 5143=5143--'.
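The following is an added example, not code from TheJshen ContentManagementSystem: it contrasts a string-concatenated lookup with a bound-parameter lookup and an integer allow-list check, using the boolean condition quoted above as the test input. The `articles` table, its columns, the function names, and the shape of the concatenated query are assumptions made for illustration, and SQLite stands in for the application's real database.

```python
import sqlite3

# Value of the 'id' parameter from the reproduction text above.
PAGE_PAYLOAD = "4' AND 5143=5143--"

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(4, "Welcome"), (5, "Draft")])
    return db

def lookup_concatenated(db, raw_id):
    # Hypothetical vulnerable shape: the request value is spliced into the
    # SQL text, so quotes and operators in it are parsed as SQL.
    sql = "SELECT title FROM articles WHERE id = '" + raw_id + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterized(db, raw_id):
    # Bound parameter: the value is passed separately from the statement
    # and is only ever compared as data.
    cur = db.execute("SELECT title FROM articles WHERE id = ?", (raw_id,))
    return [row[0] for row in cur]

def parse_id(raw_id):
    # Allow-list validation: ASCII digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 10):
        raise ValueError("id must be a non-negative integer")
    return int(raw_id)

def lookup_hardened(db, raw_id):
    # Defense in depth: validate the type first, then bind the parameter.
    return lookup_parameterized(db, parse_id(raw_id))

if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", lookup_concatenated(db, PAGE_PAYLOAD))
    print("parameterized:", lookup_parameterized(db, PAGE_PAYLOAD))
    try:
        lookup_hardened(db, PAGE_PAYLOAD)
    except ValueError as exc:
        print("hardened:      rejected,", exc)
```

With the concatenated query the injected condition is evaluated by the database and the row for id 4 comes back; with a bound parameter the same input matches nothing, and the validated path rejects it before any query runs.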

Added: Feb 6, 2026, 5:27 PM
Updated: Feb 6, 2026, 11:10 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 8.0
remediation: 0.0
relevance: 2.6
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.