CVE-2009-4798
Diskos CMS 6.x - SQL Injection via side.asp kat Parameter and Admin Login Fields
Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4798. PoCs published by AnGeL25dZ.
AI-analyzed exploit summary: This is a vulnerability writeup for Diskos CMS Manager, detailing SQL injection, admin bypass, and database disclosure vulnerabilities. It provides exploit URLs and credentials for bypassing authentication but does not include executable exploit code.
Description
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.