CVE-2008-6282

CMS Ortus < 1.13 - Authenticated SQL Injection via City Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6282. PoCs published by otmorozok428.

AI-analyzed exploit summary: This is a writeup describing a SQL injection vulnerability in CMS Ortus versions 1.12 and 1.13. The exploit involves injecting malicious input into the 'City' field during user profile editing to escalate privileges to admin.

Description

SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by otmorozok428 · text · webapps · php
https://www.exploit-db.com/exploits/7237

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: CMS Ortus 1.12, CMS Ortus 1.13
Auth required
Prerequisites: User registration · Authentication · Access to user profile editing
mistral-large-3 · analyzed Feb 16, 2026

References (7)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/50312
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46886
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3272
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32486
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32899
Patch, Vendor Advisory x_refsource_confirm
http://ortus.nirn.ru/index.php?ortupg=16
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7237

Scores

EPSS 0.0207
EPSS Percentile 79.1%

Details

CWE: CWE-89
Status: published
Products (4)
ortus.nirn/cms_ortus 1.10.1
ortus.nirn/cms_ortus 1.11
ortus.nirn/cms_ortus 1.12
ortus.nirn/cms_ortus < 1.13
Published Feb 25, 2009
Tracked Since Feb 18, 2026