Bootstrapy CMS SQL Injection Vulnerability

Vulnerability

Multiple SQL injection vulnerabilities have been identified in Bootstrapy CMS that allow unauthenticated attackers to execute arbitrary SQL queries by injecting crafted input through POST parameters. The affected inputs are the thread_id parameter of forum-thread.php, the subject parameter of contact-submit.php, the post-id parameter of post-new-submit.php, and the thread-id parameter. Exploitation could lead to the extraction of sensitive database information or to a denial-of-service condition.

Impact

Exploitation of these vulnerabilities could result in arbitrary SQL query execution, allowing attackers to manipulate the database, extract sensitive information, or cause a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by sending a POST request to one of the affected PHP scripts with an SQL payload placed in the corresponding parameter. Because the scripts pass the parameter value into the query without sanitisation, a time-based blind SQL injection payload, for example, is enough to confirm that the injected SQL is executed.
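The following is an added illustration of the root cause and its remediation, not code from Bootstrapy CMS: a handler that splices the raw POST value into the query (the pattern the advisory describes) next to a hardened version that validates the value and binds it as a parameter. The table and column names (threads, contact_messages, id, title, subject) and the $pdo connection handle are assumptions.

```php
<?php
// Added example, not Bootstrapy CMS code. Table/column names and $pdo are assumed.

// Pattern the advisory describes: the POST value is concatenated into the SQL
// string, so whatever the client sends becomes part of the query itself.
function loadThreadUnsafe(PDO $pdo, array $post): array|false
{
    $sql = "SELECT id, title FROM threads WHERE id = '" . $post['thread_id'] . "'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC); // attacker-controlled SQL
}

// Hardened handler for an integer parameter such as thread_id:
// 1. validate the type and range before the value reaches the database;
// 2. send the query and the value separately with a prepared statement, so the
//    value can never alter the query's structure.
function loadThreadSafe(PDO $pdo, array $post): array|false
{
    $id = filter_var(
        $post['thread_id'] ?? null,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($id === false) {
        http_response_code(400); // reject non-numeric ids outright
        return false;
    }
    $stmt = $pdo->prepare('SELECT id, title FROM threads WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Hardened handler for a free-text parameter such as subject: a string cannot be
// "validated away", so binding is the control; a length limit bounds the data
// that reaches the database.
function saveContactSubjectSafe(PDO $pdo, array $post): bool
{
    $subject = trim((string) ($post['subject'] ?? ''));
    if ($subject === '' || mb_strlen($subject) > 200) {
        http_response_code(400);
        return false;
    }
    $stmt = $pdo->prepare('INSERT INTO contact_messages (subject) VALUES (:subject)');
    $stmt->bindValue(':subject', $subject, PDO::PARAM_STR);
    return $stmt->execute();
}

// Connection setup: disable emulated prepares so the database server, not the
// PHP driver, separates query text from parameter values.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_EMULATE_PREPARES => false,
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    ]);
}
```

The same two rules apply to the post-id and thread-id parameters of the other affected scripts: validate the expected type first, then pass the value to the database only as a bound parameter, never by string concatenation.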

Added: Mar 24, 2026, 12:25 PM
Updated: Mar 24, 2026, 12:25 PM

Vulnerability Rating

Custom Algorithm

spread:         0.0
impact:         5.0
exploitability: 8.7
remediation:    0.0
relevance:      4.6
threat:         6.4
urgency:        2.9
incentive:      4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.