CMSsite SQL Injection Vulnerability

A SQL injection vulnerability has been identified in CMSsite version 1.0. This vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. The issue is present in the 'post.php' file, where the application executes a database query using the injected 'post' values. This vulnerability could be exploited to extract sensitive information from the database or to perform time-based blind SQL injection attacks.

Impact

Exploitation of this vulnerability allows for SQL injection, where attackers can manipulate database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a GET request to 'post.php' with a crafted 'post' parameter that includes SQL injection payloads. The application will execute the injected SQL code, allowing for extraction of database information or execution of time-based blind SQL injection techniques.