CVE-2008-6952

MauryCMS <= 0.53.2 - SQL Injection via Rss.php c Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6952. PoCs published by StAkeR.

AI-analyzed exploit summary: This exploit targets MauryCMS <= 0.53.2 by leveraging SQL injection to extract admin credentials and then uploading a malicious PHP shell via an authenticated file upload vulnerability. The script automates the process of retrieving session cookies and uploading the shell.

Description

SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by StAkeR · perl · webapps · php
https://www.exploit-db.com/exploits/7162


Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: MauryCMS <= 0.53.2
No auth needed
Prerequisites: Target URL · PHP shell file
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46738
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32364
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32787
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7162
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3216
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/49963

Scores

EPSS 0.0227
EPSS Percentile 80.7%

Details

CWE: CWE-89
Status: published
Products (1)
cms.maury91/maurycms 0.53.2
Published Aug 12, 2009
Tracked Since Feb 18, 2026