id: pbootcms-database-file-download info: name: PbootCMS 2.0.7 - SQL Injection author: ritikchaddha severity: critical description: PbootCMS 2.0.7 contains a SQL injection vulnerability via pbootcms.db. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. reference: - https://xz.aliyun.com/t/7628 - https://www.cnblogs.com/0daybug/p/12786036.html classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H cvss-score: 10.0 cwe-id: CWE-89 tags: pbootcms,db,exposure,database,sqlite requests: - method: GET path: - "{{BaseURL}}/data/pbootcms.db" max-size: 20000 matchers-condition: and matchers: - type: word part: body words: - "PbootCMS" - "SQLite format 3" condition: and - type: status status: - 200 # Enhanced by mp on 2022/09/28