Introduction:
=============
GENU is a Content Management System written with PHP language and using a database server (MySQL, PostgreSQL or SQLite) for
storage. It is fully customisable since it uses a templates system and supports multiple languages.
(Copy of the Vendor Homepage: http://www.gnew.fr)
Abstract:
=========
A Vulnerability Laboratory Research Team discovered multiple SQL Injection vulnerabilities in GENU CMS 2012.3 content management system.
Report-Timeline:
================
2012-04-28: Vendor Fix/Patch by Check
2012-04-30: Public or Non-Public Disclosure
Details:
========
A SQL Injection vulnerability is detected in GENU CMS 2012.3.
The vulnerability allows an attacker (remote) or local low privileged user account to inject/execute own sql commands
on the affected application dbms. Successful exploitation of the vulnerability results in dbms & application compromise.
Proof of Concept:
=================
The sql injection vulnerabilities can be exploited by remote attackers without user inter action. For demonstration or reproduce ...
Word in 'search' must consist of at least two characters