CVE-2007-3313

Jasmine CMS 1.0 - SQL Injection via Login Username or News Item Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3313. PoCs published by Silentz.

AI-analyzed exploit summary This exploit demonstrates SQL injection and remote code execution in Jasmine CMS 1.0 by injecting malicious PHP code into log files and leveraging a vulnerable parameter in plugin_manager.php. It also includes functionality to retrieve admin credentials via SQL injection.

Description

Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the login_username parameter to login.php or (2) the item parameter to news.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Silentz · phpwebappsphp

https://www.exploit-db.com/exploits/4081

View Code ZIP pw:eip

This exploit demonstrates SQL injection and remote code execution in Jasmine CMS 1.0 by injecting malicious PHP code into log files and leveraging a vulnerable parameter in plugin_manager.php. It also includes functionality to retrieve admin credentials via SQL injection.

Classification

Working Poc 100%

Attack Type

Rce | Sqli

Complexity

Moderate

Reliability

Reliable

Target: Jasmine CMS 1.0

No auth needed

Prerequisites: Target must have Jasmine CMS 1.0 installed · Web server must have write permissions to log files · PHP must be configured to allow file inclusion

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →