CVE-2009-2327

KerviNet Forum < 1.1 - Authenticated Cross-Site Scripting via v_variant1 Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2327. PoCs published by eLwaux.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in KerviNet, including blind SQL injection, SQL injection, XSS (stored and reflected), path disclosure, and unauthorized user deletion. It provides specific payloads and attack vectors for each vulnerability.

Description

Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by eLwaux · textwebappsphp

https://www.exploit-db.com/exploits/9068

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in KerviNet, including blind SQL injection, SQL injection, XSS (stored and reflected), path disclosure, and unauthorized user deletion. It provides specific payloads and attack vectors for each vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: KerviNet (version not specified)

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1055 - Process Injection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/55676

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9068

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/55695

Scores

EPSS 0.0254

EPSS Percentile 82.9%

Details

CWE

CWE-79

Status published

Products (1)

max_kervin/kervinet_forum < 1.1

Published Jul 05, 2009

Tracked Since Feb 18, 2026