CVE-2008-0651

Pedro Santana Codice CMS - SQL Injection via Login Username Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0651. PoCs published by Psiczn.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in Codice CMS that allows authentication bypass by injecting a malicious payload into the username field. The provided payload exploits inadequate input sanitization to bypass authentication.

Description

SQL injection vulnerability in login.php in Pedro Santana Codice CMS allows remote attackers to execute arbitrary SQL commands via the username field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Psiczn · textwebappsphp

https://www.exploit-db.com/exploits/31099

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in Codice CMS that allows authentication bypass by injecting a malicious payload into the username field. The provided payload exploits inadequate input sanitization to bypass authentication.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Codice CMS

No auth needed

Prerequisites: Access to the login page of Codice CMS

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27592

Scores

EPSS 0.0090

EPSS Percentile 55.0%

Details

CWE

CWE-89

Status published

Products (1)

pedro_santana_codice/cms

Published Feb 07, 2008

Tracked Since Feb 18, 2026