CVE-2009-1277

Gravity Board X 2.0 BETA - SQL Injection via member_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1277. PoCs published by brain[pillow], CWH Underground.

AI-analyzed exploit summary The exploit demonstrates SQL injection and remote code execution vulnerabilities in Gravity Board X v2.0 BETA. SQLi is achieved via crafted member_id and board_id parameters, while RCE is possible through admin panel input manipulation.

Description

SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.

Exploits (2)

exploitdb WORKING POC VERIFIED

by brain[pillow] · textwebappsphp

https://www.exploit-db.com/exploits/8350

View Code ZIP pw:eip

The exploit demonstrates SQL injection and remote code execution vulnerabilities in Gravity Board X v2.0 BETA. SQLi is achieved via crafted member_id and board_id parameters, while RCE is possible through admin panel input manipulation.

Classification

Working Poc 95%

Attack Type

Sqli | Rce

Complexity

Trivial

Reliability

Reliable

Target: Gravity Board X v2.0 BETA

Auth required

Prerequisites: Access to admin panel for RCE · Target running Gravity Board X v2.0 BETA

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/5791

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in Gravity Board X 2.0 Beta via the thread title field and an SQL injection vulnerability in the search and viewboard functionalities when magic_quotes_gpc is disabled.

Classification

Working Poc 95%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Gravity Board X 2.0 Beta

Auth required

Prerequisites: magic_quotes_gpc must be disabled for SQLi · valid session cookie for XSS

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34370

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8350

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/49678

Scores

EPSS 0.0097

EPSS Percentile 57.4%

Details

CWE

CWE-89

Status published

Products (1)

gravityboardx/gravity_board_x 2.0 beta

Published Apr 09, 2009

Tracked Since Feb 18, 2026