Description
SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes ("%00") in the view parameter, which bypasses a protection mechanism.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by AmnPardaz Security Research Team · textwebappsphp
https://www.exploit-db.com/exploits/33656
References (5)
Core 5
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38309
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56423
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/509603/100/0/threaded
Exploit x_refsource_misc
http://www.packetstormsecurity.org/1002-exploits/spherecms-sql.txt
Exploit x_refsource_misc
http://www.bugreport.ir/index_68.htm
Scores
EPSS
0.0042
EPSS Percentile
61.8%
Details
CWE
CWE-89
Status
published
Products (1)
sphere.xlentprojects/spherecms
1.1 alpha
Published
Mar 23, 2010
Tracked Since
Feb 18, 2026