CVE-2009-5102
ATCOM Netvolution 1.0 ASP - SQL Injection via bpe_nid Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-5102. PoCs published by Ellinas.
AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in CMS netvolution v1.0. The SQLi allows extraction of database version, usernames, and passwords via error-based techniques, while the XSS is triggered via the 'email' parameter.
Description
SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ASP allows remote attackers to execute arbitrary SQL commands via the bpe_nid parameter.
Exploits (1)
This exploit demonstrates SQL injection and XSS vulnerabilities in CMS netvolution v1.0. The SQLi allows extraction of database version, usernames, and passwords via error-based techniques, while the XSS is triggered via the 'email' parameter.