CVE-2010-1090

phpmysite - SQL Injection via Index.php Action Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1090. PoCs published by Crux.

AI-analyzed exploit summary This exploit demonstrates SQL injection via the 'action' GET parameter in index.php and XSS via POST parameters in contact.php for phpMySite. The PoC provides clear examples of injection points without obfuscation.

Description

SQL injection vulnerability in index.php in phpMySite allows remote attackers to execute arbitrary SQL commands via the action parameter.

Exploits (1)

exploitdb WORKING POC

by Crux · textwebappsphp

https://www.exploit-db.com/exploits/11588

View Code ZIP pw:eip

This exploit demonstrates SQL injection via the 'action' GET parameter in index.php and XSS via POST parameters in contact.php for phpMySite. The PoC provides clear examples of injection points without obfuscation.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: phpMySite (version unspecified)

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/0492

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/56573

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11588

Exploit x_refsource_misc

http://packetstormsecurity.org/1002-exploits/phpmysite-sqlxss.txt

Scores

EPSS 0.0097

EPSS Percentile 57.4%

Details

CWE

CWE-89

Status published

Products (1)

phpmysite/phpmysite

Published Mar 24, 2010

Tracked Since Feb 18, 2026