### [CVE-2017-20139](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20139)
![](https://img.shields.io/static/v1?label=Product&message=Movie%20Portal%20Script&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=7.36%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-89%20SQL%20Injection&color=brightgreen)

### Description

A vulnerability was found in Itech Movie Portal Script 7.36. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /show_news.php. The manipulation of the argument id with the input AND (SELECT 1222 FROM(SELECT COUNT(*),CONCAT(0x71786b7a71,(SELECT (ELT(1222=1222,1))),0x717a627871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) leads to sql injection (Error). The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

### POC

#### Reference
- https://www.exploit-db.com/exploits/41155/

#### Github
- https://github.com/ARPSyndicate/cvemon