CVE-2009-1256

FlexCMS 2.5 - SQL Injection via ItemId Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1256. PoCs published by Lanti-Net, MisterRichard.

AI-analyzed exploit summary This is a technical writeup detailing a blind SQL injection vulnerability in FlexCMS via the 'ItemId' parameter. It includes example payloads and live demo URLs to demonstrate the vulnerability.

Description

SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Lanti-Net · textwebappsphp

https://www.exploit-db.com/exploits/8355

View Code ZIP pw:eip

This is a technical writeup detailing a blind SQL injection vulnerability in FlexCMS via the 'ItemId' parameter. It includes example payloads and live demo URLs to demonstrate the vulnerability.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: FlexCMS

No auth needed

Prerequisites: Access to the vulnerable FlexCMS calendar page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by MisterRichard · textwebappsphp

https://www.exploit-db.com/exploits/8018

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in FlexCMS, allowing an attacker to extract user credentials via a crafted UNION-based SQL query. The PoC includes a live demo URL and targets the 'catId' parameter in the webshop module.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: FlexCMS (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable FlexCMS webshop module

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8355

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/49680

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34394

Scores

EPSS 0.0100

EPSS Percentile 58.3%

Details

CWE

CWE-89

Status published

Products (1)

flexcms/flexcms 2.5

Published Apr 07, 2009

Tracked Since Feb 18, 2026