CVE-2008-5058

Pre Simple CMS - SQL Injection via User Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5058. PoCs published by Hussin X.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass via SQL injection in Pre Simple CMS. The PoC provides credentials ('admin ' or ' 1=1' as username and 'hussin-X' as password) to bypass authentication.

Description

SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple CMS allows remote attackers to execute arbitrary SQL commands via the user parameter, as reachable from siteadmin/adminlogin.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hussin X · textwebappsphp

https://www.exploit-db.com/exploits/7004

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass via SQL injection in Pre Simple CMS. The PoC provides credentials ('admin ' or ' 1=1' as username and 'hussin-X' as password) to bypass authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Pre Simple CMS

No auth needed

Prerequisites: Access to the login page of Pre Simple CMS

MITRE ATT&CK