CVE-2009-2153

Impleo Music Collection 2.0 - Cross-Site Scripting via Sort Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2153. PoCs published by SirGod.

AI-analyzed exploit summary: This exploit demonstrates SQL injection for authentication bypass and XSS in Impleo Music Collection 2.0. The SQLi requires magic_quotes_gpc to be off and allows bypassing login with a crafted username. The XSS is triggered via a malicious script in the 'sort' parameter.

Description

Cross-site scripting (XSS) vulnerability in index.php in Impleo Music Collection 2.0 allows remote attackers to inject arbitrary web script or HTML via the sort parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by SirGod · text · webapps · php
https://www.exploit-db.com/exploits/8947


Classification: Working PoC 90%
Attack Type: SQLi | XSS | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Impleo Music Collection 2.0
No auth needed
Prerequisites: magic_quotes_gpc = off · access to login page or vulnerable parameter
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8947

Scores

EPSS 0.0126
EPSS Percentile 65.5%

Details

CWE: CWE-79
Status: published
Products (1): sappy.dk/impleo_music_collection 2.0
Published: Jun 22, 2009
Tracked Since: Feb 18, 2026