Hi there!, this will be short explaination of the vulnerability I’ve found at IPeakCMS 3.5 which is SQLi and it’s Blind so let’s begin …
Discovered by : Mohammed Fadhl Al-Barbari aka @m4dm0e
CVE-ID : CVE-2021-3018
Vulnerable endpoint/script : site.com/cms/print.php
Injection type : Boolean-based blind
Tested on : IPeakCMS 3.5
Injection tool : SQLmap 1.3.2
Injection tool : SQLmap 1.3.2
Screeshot POC :
More info :
I think this is all i need to proof until the Bug is patched!
Thanks for reading this.