# Ariko-Security: Security Audits , Audyt bezpieczeństwa
# Advisory: 652/2010

============ { Ariko-Security - Advisory #1/5/2010 } =============

SQL injection vulnerability in SmartCMS v.2

Vendor's Description of Software:
# http://www.smartwebsites.com.cy/index.php?pageid=13&lang=en

Dork:
# n/a

Application Info:
# Name: SmartCMS
# Versions: V.2

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium

Fix:
# N/A

Time Table:
# 22/04/2010 - Vendor notified.

Input passed via the "pageid" ,"lang" parameters to index.php is not

properly sanitised before being used in a SQL query.

Solution:
# Input validation of "pageid","lang" parameters should be corrected.

Vulnerability:
# http://[site]/index.php?pageid=[SQLi]&lang=[SQLi]