CVE-2009-0534

FlexCMS - SQL Injection via catId Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-0534. PoCs published by MisterRichard.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in FlexCMS, allowing an attacker to extract user credentials via a crafted UNION-based SQL query. The PoC includes a live demo URL and targets the 'catId' parameter in the webshop module.

Description

SQL injection vulnerability in FlexCMS allows remote attackers to execute arbitrary SQL commands via the catId parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by MisterRichard · textwebappsphp
https://www.exploit-db.com/exploits/8018

This exploit demonstrates a SQL injection vulnerability in FlexCMS, allowing an attacker to extract user credentials via a crafted UNION-based SQL query. The PoC includes a live demo URL and targets the 'catId' parameter in the webshop module.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: FlexCMS (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable FlexCMS webshop module
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/8355

This is a technical writeup detailing a blind SQL injection vulnerability in FlexCMS via the 'ItemId' parameter. It includes example payloads and live demo URLs to demonstrate the vulnerability.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: FlexCMS
No auth needed
Prerequisites: Access to the vulnerable FlexCMS calendar page
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8018
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48609
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33696

Scores

EPSS 0.0100
EPSS Percentile 58.1%

Details

CWE
CWE-89
Status published
Products (1)
flexcms/flexcms
Published Feb 11, 2009
Tracked Since Feb 18, 2026