CVE-2007-6058

ProfileCMS <= 1.0 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6058. PoCs published by K-159.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in ProfileCMS <= 1.0, allowing remote attackers to extract user credentials (including MD5 password hashes) via crafted 'id' parameters in multiple modules. The PoC includes specific URLs with UNION-based SQLi payloads.

Description

Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module.

Exploits (1)

exploitdb WORKING POC VERIFIED

by K-159 · textwebappsphp

https://www.exploit-db.com/exploits/4627

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in ProfileCMS <= 1.0, allowing remote attackers to extract user credentials (including MD5 password hashes) via crafted 'id' parameters in multiple modules. The PoC includes specific URLs with UNION-based SQLi payloads.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ProfileCMS <= 1.0

No auth needed

Prerequisites: magic_quotes must be disabled in PHP configuration

MITRE ATT&CK