CVE-2007-6622

ZeusCMS < 0.3 - SQL Injection via Referer HTTP Header

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6622. PoCs published by EgiX.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in ZeusCMS <= 0.3 by manipulating the HTTP Referer header. It extracts user credentials (username and MD5 hash) by brute-forcing character-by-character using conditional SQL queries.

Description

SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

Exploits (1)

exploitdb WORKING POC VERIFIED

by EgiX · phpwebappsphp

https://www.exploit-db.com/exploits/4798

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in ZeusCMS <= 0.3 by manipulating the HTTP Referer header. It extracts user credentials (username and MD5 hash) by brute-forcing character-by-character using conditional SQL queries.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: ZeusCMS <= 0.3

No auth needed

Prerequisites: magic_quotes_gpc = off · HTTP Referer header not sanitized

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27058

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4798

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39759

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28194

Scores

EPSS 0.0101

EPSS Percentile 58.5%

Details

CWE

CWE-89

Status published

Products (1)

zeuscms/zeuscms < 0.3

Published Jan 04, 2008

Tracked Since Feb 18, 2026