CVE-2009-2389

USOLVED NEWSolved 1.1.6 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2389. PoCs published by jmp-esp.

AI-analyzed exploit summary: This Perl script exploits a SQL injection vulnerability in Newsolved CMS <= 1.1.6 to extract user credentials (username and MD5 password hashes) from the database. It also includes functionality to look up the MD5 hashes in online databases to retrieve plaintext passwords.

Description

Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by jmp-esp · perl · webapps · php
https://www.exploit-db.com/exploits/9042

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Newsolved CMS <= 1.1.6
No auth needed
Prerequisites: magic_quotes_gpc must be off · Target must be running Newsolved CMS <= 1.1.6
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35611
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9042

Scores

EPSS 0.0085
EPSS Percentile 53.3%

Details

CWE: CWE-89
Status: published
Products (1): usolved/newsolved 1.1.6
Published: Jul 09, 2009
Tracked Since: Feb 18, 2026