Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4783. PoCs published by c0dy.
AI-analyzed exploit summary This is a vulnerability writeup detailing XSS and SQL injection flaws in Theeta CMS. It provides affected URLs and basic exploitation examples but lacks functional exploit code.
Description
Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/, and (3) blog/index.php.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by c0dy · textwebappsphp
https://www.exploit-db.com/exploits/10290
This is a vulnerability writeup detailing XSS and SQL injection flaws in Theeta CMS. It provides affected URLs and basic exploitation examples but lacks functional exploit code.
Classification
Writeup 100%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
Theeta CMS (version unspecified)
No auth needed
Prerequisites:
network access to vulnerable Theeta CMS instance
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508148/100/0/threaded
Exploit x_refsource_misc
http://packetstormsecurity.org/0912-exploits/theeta-sqlxss.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37529
Scores
EPSS
0.0037
EPSS Percentile
59.2%
Details
CWE
CWE-89
Status
published
Products (2)
mntechsolutions/theeta_cms
0.0
mntechsolutions/theeta_cms
0.01
Published
Apr 21, 2010
Tracked Since
Feb 18, 2026