Primary

Context

AssamLook CMS SQL Injection Vulnerability in department-profile.php

Vulnerability

A critical blind SQL injection vulnerability has been identified in AssamLook CMS version 1.0. The issue arises in the file department-profile.php, where the ID parameter can be manipulated to execute arbitrary SQL commands. This vulnerability can be exploited remotely, and details of the exploit have been made public.

Impact

Exploitation of this vulnerability allows for blind SQL injection, where an attacker can manipulate SQL queries and potentially access or modify database information.

Reproduction

The vulnerability can be reproduced by sending a crafted request to department-profile.php with a manipulated 'did' parameter. For example, appending a SQL injection payload such as '1' and then using a SQL injection technique, such as a tautology-based payload, can demonstrate the vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

6.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AssamLook CMS SQL Injection Vulnerability in department-profile.php

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating