CVE-2007-0765

dB Masters Curium CMS <1.03 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0765. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in dB Masters' Curium CMS <= 1.03 via the 'c_id' parameter in news.php. It allows an attacker to extract user credentials (username and password) from the 'cm_users' table.

Description

SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 and earlier allows remote attackers to execute arbitrary SQL commands via the c_id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsphp

https://www.exploit-db.com/exploits/3256

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in dB Masters' Curium CMS <= 1.03 via the 'c_id' parameter in news.php. It allows an attacker to extract user credentials (username and password) from the 'cm_users' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: dB Masters' Curium CMS <= 1.03

No auth needed

Prerequisites: Target running dB Masters' Curium CMS <= 1.03 · Access to the news.php page

MITRE ATT&CK