Blocked accounts abused in Evolution CMS SQL injection attacks

From portswigger.net


A severe unauthenticated SQL injection vulnerability has been patched by developers of the Evolution CMS.

Evolution is a PHP-based, open source content management system (CMS) used to manage the backend of websites.

On February 8, cybersecurity firm Synacktiv publicly disclosed two security flaws in the CMS, including how a “blocked account” can be exploited to perform an “unauthenticated SQLi in Evolution CMS using the X-Forwarded-For header”.

Written by Synacktiv’s Nicolas Biscos and Thomas Etrillard, the security advisory (PDF) details an unauthenticated SQL injection vulnerability on the Evolution manager login page.
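The class of bug described above is a pre-authentication code path that takes the client address from the X-Forwarded-For request header, which any unauthenticated client can set, and concatenates it into an SQL statement. The following is an added illustration of that pattern and its fix, written for this page; it is not Evolution CMS code and does not reproduce the code path in the Synacktiv advisory. The table name `manager_users`, the column names and the `$trustedProxies` list are hypothetical, and the login bookkeeping shown (counting failed attempts) stands in for whatever the real handler does.

```php
<?php
// Added example (not Evolution CMS code): vulnerable and hardened handling of
// X-Forwarded-For in a login handler that runs before any credential check.
// Table/column names are hypothetical.

// Attacker-controlled unless a trusted proxy in front of the app sets it.
function clientIpUnsafe(): string
{
    return $_SERVER['HTTP_X_FORWARDED_FOR'] ?? ($_SERVER['REMOTE_ADDR'] ?? '');
}

// VULNERABLE: the header value is spliced into SQL by string concatenation.
// Because this runs on a failed login, no valid session is needed to reach it;
// a request with "X-Forwarded-For: 1.2.3.4', failed_logins=0 WHERE ''='"
// rewrites the statement.
function recordFailedLoginUnsafe(mysqli $db, string $username): void
{
    $ip = clientIpUnsafe();
    $user = $db->real_escape_string($username); // escaping $username does not help: $ip is the injection point
    $db->query(
        "UPDATE manager_users SET failed_logins = failed_logins + 1, last_ip = '$ip' "
        . "WHERE username = '$user'"
    );
}

// HARDENED, part 1: only honour X-Forwarded-For when the TCP peer is a proxy we
// operate, take the address that proxy appended (the right-most entry), and
// validate it as an IP literal. Otherwise fall back to REMOTE_ADDR.
function clientIpSafe(array $trustedProxies): string
{
    $remote = $_SERVER['REMOTE_ADDR'] ?? '';
    $xff    = $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '';

    if ($xff !== '' && in_array($remote, $trustedProxies, true)) {
        $hops      = array_map('trim', explode(',', $xff));
        $candidate = end($hops); // appended by our proxy; entries to the left are client-supplied
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return $remote;
}

// HARDENED, part 2: bind every runtime value as a parameter, even an already
// validated one, so the SQL text never changes with the input.
function recordFailedLoginSafe(mysqli $db, string $username, array $trustedProxies): void
{
    $ip   = clientIpSafe($trustedProxies);
    $stmt = $db->prepare(
        'UPDATE manager_users SET failed_logins = failed_logins + 1, last_ip = ? WHERE username = ?'
    );
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    $stmt->bind_param('ss', $ip, $username);
    $stmt->execute();
    $stmt->close();
}
```

The validation in `clientIpSafe` is a defence in depth, not the fix: an IP literal will never carry a quote, but the statement must still be parameterised, because the next developer may store a different header (User-Agent, Referer) through the same path. Taking the right-most X-Forwarded-For entry assumes a single trusted proxy that appends the peer address; with a chain of proxies, walk the list from the right, skipping addresses in `$trustedProxies`.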
