Description
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in a USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BugReport.IR · text · webapps · asp
https://www.exploit-db.com/exploits/5849
References (6)
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29789
Exploit x_refsource_misc
http://www.bugreport.ir/?/43
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30705
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5849
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43163
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43161
Scores
EPSS
0.0093
EPSS Percentile
76.2%
Details
CWE
CWE-89
Status
published
Products (1)
doitlive/cms
< 2.50
Published
Jun 25, 2008
Tracked Since
Feb 18, 2026