CVE-2009-1584

TemaTres 1.0.3 and 1.031 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1584. PoCs published by YEnH4ckEr.

AI-analyzed exploit summary: This exploit demonstrates multiple vulnerabilities in TemaTres V1.0.3, including SQL injection, authentication bypass, and cross-site scripting (XSS). It provides specific payloads and URLs to exploit these vulnerabilities, with clear examples for both authenticated and unauthenticated users.

Description

Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by YEnH4ckEr · text · webapps · php
https://www.exploit-db.com/exploits/8615

This exploit demonstrates multiple vulnerabilities in TemaTres V1.0.3, including SQL injection, authentication bypass, and cross-site scripting (XSS). It provides specific payloads and URLs to exploit these vulnerabilities, with clear examples for both authenticated and unauthenticated users.

Classification: Working PoC 95%
Attack Type: SQLi | XSS | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: TemaTres V1.0.3
No auth needed
Prerequisites: gpc_magic_quotes=off · DBPREFIX='lc_' (Default)
devstral-2 · analyzed Feb 18, 2026

exploitdb · WORKING POC · VERIFIED
by YEnH4ckEr · perl · webapps · php
https://www.exploit-db.com/exploits/8616

This Perl script exploits a blind SQL injection vulnerability in TemaTres CMS v1.0.3 via the 'dcTema', 'madsTema', 'zthesTema', 'skosTema', and 'xtmTema' parameters. It automates the extraction of user data by brute-forcing character values based on ASCII responses.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: TemaTres CMS v1.0.3
No auth needed
Prerequisites: magic_quotes=off · access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026

References (8)

Core References
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503256
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8615
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54246
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34830
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54245
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8616
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503252/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34983

Scores

EPSS 0.0261
EPSS Percentile 83.4%

Details

CWE CWE-89
Status published
Products (2)
r020/tematres 1.0.3
r020/tematres 1.031
Published May 07, 2009
Tracked Since Feb 18, 2026