|| Security Net Advisory #D.24.7.06.a

Title  : SD Studio CMS SQL injection
Impact : Manipulation of data
Type   : Remote
Vendor : 
  - Url    : http://www.sdstudio.co.yu/
  - Status : Vendor was first contacted on 24.7.2006.

|| Vulnerability

Input passed to the "news_id", "tid" and "page_id" parameter in "index.php" isn't properly filtered before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

|| Examples:

index.php?news_id=[SQL]&plugin=news&plugin_view=news_details&tid=25
index.php?news_id=40&plugin=news&plugin_view=news_details&tid=[SQL]
index.php?page_id=[SQL]

|| Solution:

Edit the source code to ensure that input is properly filtered.

|| Contact

Author : Ivan Markovic
Site   : www.security-net.biz