CVE-2002-0961

Voxel Dot Net CBMS < 0.7 - Unauthenticated SQL Injection via dltclnt.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0961. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary The provided text describes SQL injection and JavaScript injection vulnerabilities in CBMS version 0.7, specifically in the `dltclnt.php` endpoint. It lacks executable exploit code but outlines the attack vectors and affected parameters.

Description

Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ulf Harnhammar · textwebappsphp

https://www.exploit-db.com/exploits/21517

View Code ZIP pw:eip

The provided text describes SQL injection and JavaScript injection vulnerabilities in CBMS version 0.7, specifically in the `dltclnt.php` endpoint. It lacks executable exploit code but outlines the attack vectors and affected parameters.

Classification

Writeup 80%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: CBMS 0.7

Auth required

Prerequisites: Authenticated access to CBMS · Knowledge of client IDs

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/9295.php

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/4957

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html

Scores

EPSS 0.0118

EPSS Percentile 63.6%

Details

Status published

Products (1)

voxel/cbms < 0.7

Published Oct 04, 2002

Tracked Since Feb 18, 2026