============ { Ariko-Security - Advisory #1/3/2010 } =============

       Multiple SQL injection vulnerabilities in Flick CMS


Vendor's Description of Software:
# http://www.flickcms.com/menu/features/31/31/1
# Vulnerable DEMO:
# http://demo.flickcms.com/index.php?plugin_id=8&exmenu=50&page=1

Dork:
# N/A

Application Info:
# Name: Flick CMS

Vulnerability Info:
# Type: SQL injection Vulnerability
# Risk: medium

Fix:
# N/A

Time Table:
# 03/03/2010 - Vendor notified.

Input passed via the "exmenu" and "page" parameters to index.php is not properly sanitised before being used in a SQL query.

Solution:
# Input validation of "exmenu" and "page" parameters should be corrected.
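
Added example (not Flick CMS code or the vendor's fix) of the corrected handling the solution calls for: "exmenu" and "page" are validated as integers before use and then passed to the query as bound parameters instead of being concatenated into it. The table and column names, DSN and page size are assumptions for illustration.

```php
<?php
// Added example, not Flick CMS's own code: hardening the "exmenu" and "page"
// parameters of index.php, which the advisory reports as unsanitised SQL input.
// Table/column names, DSN and page size below are assumptions for illustration.

// Vulnerable pattern: untrusted GET values concatenated straight into the SQL string.
// $sql = "SELECT ... FROM menu_items WHERE menu_id = " . $_GET['exmenu'] . " ...";

function requireInt(array $params, string $name, int $min = 1, int $max = PHP_INT_MAX): int
{
    // FILTER_VALIDATE_INT accepts only a plain decimal integer within the range;
    // quotes, comments, operators or a missing parameter all fail validation.
    $value = filter_var($params[$name] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    if ($value === false) {
        http_response_code(400);
        exit("Invalid value for parameter '$name'");
    }
    return $value;
}

$exmenu = requireInt($_GET, 'exmenu');
$page   = requireInt($_GET, 'page', 1, 10000);

// Hardened query: a prepared statement with typed bound parameters, so the
// values can never be interpreted as SQL whatever the client sends.
$pdo = new PDO('mysql:host=localhost;dbname=flickcms', 'db_user', 'db_pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares
]);
$perPage = 20;
$stmt = $pdo->prepare(
    'SELECT id, title FROM menu_items WHERE menu_id = :menu LIMIT :offset, :count'
);
$stmt->bindValue(':menu',   $exmenu,                  PDO::PARAM_INT);
$stmt->bindValue(':offset', ($page - 1) * $perPage,   PDO::PARAM_INT);
$stmt->bindValue(':count',  $perPage,                 PDO::PARAM_INT);
$stmt->execute();
$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
```

Rejecting malformed values with a 400 before the query runs also gives a clean signal for access-log monitoring of injection attempts against these parameters.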