SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The vulnerability results from improper neutralization of special characters in input data passed to SQL commands (Improper Neutralization of Special Elements used in an SQL Command). An attacker can inject malicious SQL code fragments into queries executed by the application, allowing manipulation of database logic. The attack requires no authentication or user interaction and can be carried out remotely over the network.
An attacker can gain unauthorized access to data stored in the database, modify or delete data, and potentially take control of the system, resulting in a complete breach of the application's confidentiality, integrity, and availability.
Patches available from the vendor should be applied in accordance with the references provided. Additionally, it is recommended to restrict access to the application at the firewall level and implement WAF (Web Application Firewall) mechanisms as a temporary measure until the updates are applied.
SiberianCMS — versions specified in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSiberiancms
APPSiberiancms< 5.0.11
Related vulnerabilities
SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges
SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative...
SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') b...
A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is s...
SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network...