PT-2014-68: Multiple SQL Injection in InstantCMS

Vulnerable software
InstantCMS
Version: 1.x
Link: http://www.instantcms.ru/

Severity level
Severity level: High
Impact: SQL Injection
Access Vector: Remote
CVSS v2:
Base Score: 7.5
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVE: not assigned

Software description
InstantCMS is a web content management system.

Vulnerability description
The specialists of the Positive Research center have detected multiple SQL Injection vulnerabilities in InstantCMS.
SQL Injection in the cms.php script allows remote attackers to execute arbitrary SQL commands via a specially crafted request.

How to fix
Update your software up to the latest version.

Advisory status
26.12.2013 - Vendor gets vulnerability details
28.12.2013 - Vendor releases fixed version and details
26.12.2014 - Public disclosure

Credits
The vulnerabilities were detected by using Positive Technologies Application Inspector, the application security testing system.

References
http://en.securitylab.ru/lab/PT-2014-68

Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/