Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-2113. PoCs published by YEnH4ckEr.
AI-analyzed exploit summary This Python script exploits a blind SQL injection vulnerability in FretsWeb 1.2 via the 'name' parameter in player.php. It brute-forces the admin password by leveraging time-based SQLi techniques.
Description
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by YEnH4ckEr · pythonwebappsphp
https://www.exploit-db.com/exploits/8980
This Python script exploits a blind SQL injection vulnerability in FretsWeb 1.2 via the 'name' parameter in player.php. It brute-forces the admin password by leveraging time-based SQLi techniques.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
FretsWeb 1.2
No auth needed
Prerequisites:
magic_quotes=OFF · valid username
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8980
Patch x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=966939
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35492
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/55168
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/55167
Scores
EPSS
0.0256
EPSS Percentile
83.0%
Details
CWE
CWE-89
Status
published
Products (1)
fretsweb_project/fretsweb
1.2
Published
Jun 18, 2009
Tracked Since
Feb 18, 2026