CVE-2009-2881

Basilic 1.5.13 - SQL Injection via idAuthor Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2881. PoCs published by NoGe.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in Basilic 1.5.13. It provides vulnerable file details, exploit URLs, and proof-of-concept examples but does not include executable exploit code.

Description

Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/9246

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in Basilic 1.5.13. It provides vulnerable file details, exploit URLs, and proof-of-concept examples but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Basilic version 1.5.13

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2005

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/51992

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9246

Scores

EPSS 0.0115

EPSS Percentile 62.8%

Details

CWE

CWE-89

Status published

Products (1)

artis.imag/basilic 1.5.13

Published Aug 20, 2009

Tracked Since Feb 18, 2026