CVE-2009-1585

TemaTres 1.031 - SQL Injection via id_correo_electronico or id_password Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1585. PoCs published by YEnH4ckEr.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in TemaTres V1.0.3, including SQL injection, authentication bypass, and cross-site scripting (XSS). It provides specific payloads and URLs to exploit these vulnerabilities, with clear examples for both authenticated and unauthenticated users.

Description

Multiple SQL injection vulnerabilities in TemaTres 1.031, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id_correo_electronico and (2) id_password parameters to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by YEnH4ckEr · textwebappsphp
https://www.exploit-db.com/exploits/8615

This exploit demonstrates multiple vulnerabilities in TemaTres V1.0.3, including SQL injection, authentication bypass, and cross-site scripting (XSS). It provides specific payloads and URLs to exploit these vulnerabilities, with clear examples for both authenticated and unauthenticated users.

Classification
Working Poc 95%
Attack Type
Sqli | Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: TemaTres V1.0.3
No auth needed
Prerequisites: gpc_magic_quotes=off · DBPREFIX='lc_' (Default)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54244
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34983

Scores

EPSS 0.0088
EPSS Percentile 54.3%

Details

CWE
CWE-89
Status published
Products (1)
r020/tematres 1.031
Published May 07, 2009
Tracked Since Feb 18, 2026