Avatar Hi there, I am Mohammed Fadhl Al-Barbari 18 y/o cyber security researcher , Web dev/tester, Mobile applications dev/tester, tools builder and Bugs hunter . Hacker since 2015

CVE-2021-3018 - IPeakCMS v3.5 SQLi

Hi there!, this will be short explaination of the vulnerability I’ve found at IPeakCMS 3.5 which is SQLi and it’s Blind so let’s begin …

Discovered by : Mohammed Fadhl Al-Barbari aka @m4dm0e

CVE-ID : CVE-2021-3018

Vulnerable endpoint/script : site.com/cms/print.php

Injection type : Boolean-based blind

Tested on : IPeakCMS 3.5

Injection tool : SQLmap 1.3.2

Injection tool : SQLmap 1.3.2

Screeshot POC :

image

More info :

I think this is all i need to proof until the Bug is patched!

Thanks for reading this.