CVE-2007-3214

e-vision_cms < 2.02 - SQL Injection via Template Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3214. PoCs published by Silentz.

AI-analyzed exploit summary This exploit targets multiple vulnerabilities in e-Vision CMS <= 2.02, including SQL injection, file disclosure, and remote code execution. It provides three attack modes: SQL injection for admin credentials, config file disclosure for database credentials, and RCE via log poisoning.

Description

SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentz · phpwebappsphp

https://www.exploit-db.com/exploits/4054

View Code ZIP pw:eip

This exploit targets multiple vulnerabilities in e-Vision CMS <= 2.02, including SQL injection, file disclosure, and remote code execution. It provides three attack modes: SQL injection for admin credentials, config file disclosure for database credentials, and RCE via log poisoning.

Classification

Working Poc 95%

Attack Type

Sqli | Info Leak | Rce

Complexity

Moderate

Reliability

Reliable

Target: e-Vision CMS <= 2.02

No auth needed

Prerequisites: Target must be running e-Vision CMS <= 2.02 · PHP must be installed on the target · Web server must have write access to log files for RCE

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →