Exploitation Summary
EIP tracks 1 public exploit for CVE-2009-4982. PoCs published by Ins3t.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Irokez 0.7.1 due to insufficient input sanitization in the select() function when magic_quotes_gpc is disabled. The PoC provides a crafted URL to extract user credentials from the icm_users table.
Description
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to the default URI.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in Irokez 0.7.1 due to insufficient input sanitization in the select() function when magic_quotes_gpc is disabled. The PoC provides a crafted URL to extract user credentials from the icm_users table.