ZeroCMS 1.0 (article_id) SQL Injection Vulnerability

Title: ZeroCMS 1.0 (article_id) SQL Injection Vulnerability
Advisory ID: ZSL-2014-5186
Type: Local/Remote
Impact: Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (4/5)
Release Date: 09.06.2014
Summary
ZeroCMS is a very simple Content Management System built using PHP and MySQL.
Description
Input passed via the 'article_id' GET parameter to zero_view_article.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Vendor
Another Awesome Stuff - http://www.aas9.in/zerocms/
Affected Version
1.0
Tested On
Apache/2.4.7 (Win32)
PHP/5.5.6
MySQL 5.6.14
Vendor Status
N/A
PoC
zerocms_sqli.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.com/files/127005
[2] http://cxsecurity.com/issue/WLB-2014060063
[3] http://www.exploit-db.com/exploits/33702/
[4] http://www.securityfocus.com/bid/67953
[5] http://osvdb.org/show/osvdb/107946
[6] http://secunia.com/advisories/59182/
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-4034
[8] http://www.cvedetails.com/cve/CVE-2014-4034/
[9] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4034
[10] http://www.securelist.com/en/advisories/59182
[11] http://xforce.iss.net/xforce/xfdb/93730
Changelog
[09.06.2014] - Initial release
[10.06.2014] - Added reference [1], [2] and [3]
[11.06.2014] - Added reference [4], [5] and [6]
[12.06.2014] - Added reference [7], [8], [9] and [10]
[22.06.2014] - Added reference [11]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk