[Description]
CMS ISWEB 3.5.3 is vulnerable to multiple SQL injection flaws.
An attacker can inject malicious queries into the application and obtain sensitive information.

------------------------------------------

[Additional Information]
PoC Prints: https://imgur.com/a/buXJJKC
?id=1'

------------------------------------------

[Vulnerability Type]
SQL Injection

------------------------------------------

[Vendor of Product]
http://www.isweb.it
CMS ISWEB 3.5.3

------------------------------------------

[CVE Name]
CVE-2018-14956

------------------------------------------

[Attack Type]
Remote

------------------------------------------

[Impact Code execution]
true

------------------------------------------

[Impact Information Disclosure]
true

------------------------------------------

[CVE Impact Other]
The attacker can access the entire database, get shell and remote code execution.

------------------------------------------

[Reference]
https://www.owasp.org/index.php/SQL_Injection

------------------------------------------

[Discoverer]
Thiago Sena & Rafael Fontes Souza & Occasio Security