CVE-2009-2310

Extensible-BioLawCom CMS <0.2.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2310. PoCs published by dun.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in X-BLC CMS version 0.2.0 by extracting user credentials (id, login_name, password, email, status) via a UNION-based attack. It iterates through each character of the target fields using ORD and SUBSTRING functions.

Description

SQL injection vulnerability in include/get_read.php in Extensible-BioLawCom CMS (X-BLC) 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by dun · perlwebappsphp

https://www.exploit-db.com/exploits/8258

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in X-BLC CMS version 0.2.0 by extracting user credentials (id, login_name, password, email, status) via a UNION-based attack. It iterates through each character of the target fields using ORD and SUBSTRING functions.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: X-BLC CMS <= 0.2.0

No auth needed

Prerequisites: Target URL with vulnerable X-BLC installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/34197

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/49352

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/8258

Scores

EPSS 0.0096

EPSS Percentile 56.8%

Details

CWE

CWE-89

Status published

Products (2)

bow_der_kleine/x-blc 0.1.4

bow_der_kleine/x-blc < 0.2.0

Published Jul 02, 2009

Tracked Since Feb 18, 2026