CVE-2007-5643

Lussumo Vanilla < 1.1.3 - SQL Injection via CategoryID Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5643. PoC published by InATeam.

AI-analyzed exploit summary: This PHP script exploits a blind SQL injection vulnerability in Vanilla Forum <= 1.1.3 via the /ajax/sortcategories.php endpoint. It uses time-based techniques (BENCHMARK) to extract user password hashes from the database.

Description

Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.

Exploits (1)

exploitdb · Working PoC · Verified
by InATeam · php/webapps · php
https://www.exploit-db.com/exploits/4548

Classification
Working PoC: 100%
Attack type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Vanilla Forum <= 1.1.3
Authentication: none required
Prerequisites: MySQL >= 4.1 · magic_quotes_gpc=Off
Analyzed by devstral-2 on Feb 18, 2026

References (7)

Core references
Vendor confirmation (x_refsource_confirm): http://lussumo.com/swell/168/Vanilla-114-Released/
Exploit / VDB entry (x_refsource_bid): http://www.securityfocus.com/bid/26145
Third-party advisory (x_refsource_vupen): http://www.vupen.com/english/advisories/2007/3571
Third-party advisory (x_refsource_secunia): http://secunia.com/advisories/27348
Third-party advisory / VDB entry (x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/37345
Exploit / third-party advisory (x_refsource_exploit-db): https://www.exploit-db.com/exploits/4548

Scores

EPSS 0.0121
EPSS Percentile 64.4%

Details

CWE: CWE-89 (SQL Injection)
Status: published
Products (1): lussumo/vanilla < 1.1.3
Published: Oct 23, 2007
Tracked since: Feb 18, 2026