Intrusion Prevention

Etomite.Index.PHP.SQL.Injection

Description

This indicates an attempt to exploit a remote SQL injection vulnerability in Etomite CMS.
The vulnerability can be exploited by sending specially crafted SQL statements to the script "manager/index.php", using the "username" parameter, if "magic_quotes" is disabled. As a result a remote attacker can bypass authentication, and can view, add, modify and delete information in the back end database.

Affected Products

Etomite Content Management System 0.6.1 and earlier

Impact

System compromise: data manipulation.

CVE References

CVE-2006-3904