CVE-2007-5783

emagic_cms.net 4.0 - SQL Injection via pageId Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-5783. PoCs published by hak3r-b0y.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in emagiC CMS.Net v4.0, allowing an attacker to extract the hashed password of the 'sa' admin account via a UNION-based SQLi in the 'pageId' parameter.

Description

SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows remote attackers to execute arbitrary SQL commands via the pageId parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hak3r-b0y · textwebappsasp

https://www.exploit-db.com/exploits/4578

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in emagiC CMS.Net v4.0, allowing an attacker to extract the hashed password of the 'sa' admin account via a UNION-based SQLi in the 'pageId' parameter.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: emagiC CMS.Net v4.0

No auth needed

Prerequisites: Target must be running emagiC CMS.Net v4.0 · The 'emc.asp' page must be accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/38119

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26229

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/3642

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4578

Scores

EPSS 0.0046

EPSS Percentile 64.4%

Details

CWE

CWE-94

Status published

Products (1)

emagic-cms/emagic_cms.net 4.0

Published Nov 01, 2007

Tracked Since Feb 18, 2026