XdCMS SQL Injection

OWASP 2013-A1 OWASP 2017-A1 PCI v3.2- OWASP PC-C3 CAPEC-66 CWE-89 HIPAA-89 ISO27001-A.14.2.5 WASC-19 WSTG-INPV-05

Inject the following code into the system\modules\xdcms\language.php file in the back-end of the XDCMS enterprise management system: When editing a section, the administrator will use the editsave() function, which contains the seven injection points:

Mitigation / Precaution

In order to patch this vulnerability, please install the official patch the XdCMS made available for supported, vulnerable instances for Spring Boot framework.

Latest Articles