CVE-2009-1500

ProjectCMS 1.0 Beta - SQL Injection via sn Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1500. PoCs published by YEnH4ckEr.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in ProjectCMS v1.0 Beta Final. It leverages an unsanitized 'sn' parameter in the index.php file to extract database information and admin credentials when magic_quotes_gpc is disabled.

Description

SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by YEnH4ckEr · text · webapps · php
https://www.exploit-db.com/exploits/8565

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: ProjectCMS v1.0 Beta Final
No auth needed
Prerequisites: magic_quotes_gpc=off
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503079/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8565
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34767

Scores

EPSS 0.0093
EPSS Percentile 55.8%

Details

CWE: CWE-89
Status: published
Products (1): projectcms/projectcms 1.0_beta
Published: May 01, 2009
Tracked Since: Feb 18, 2026