CVE-2010-1583

Tirzen Framework <1.5 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1583. PoCs published by Justin C. Klein Keane.

AI-analyzed exploit summary: The writeup details a SQL injection vulnerability in the Tirzen Framework's TznDbConnection class, specifically in the loadByKey() function, which fails to sanitize user input. This flaw allows attackers to bypass authentication in Task Freak Multi User by injecting malicious SQL queries.

Description

SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Justin C. Klein Keane · text · webapps · php
https://www.exploit-db.com/exploits/12452

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Task Freak Multi User / mySQL v0.6.2 with Tirzen Framework 1.5
No auth needed
Prerequisites: Access to the login interface of Task Freak
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58241
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39793
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12452
Various Sources x_refsource_misc
http://www.madirish.net/?article=456
Various Sources x_refsource_misc
http://www.taskfreak.com/versions.html

Scores

EPSS 0.0204
EPSS Percentile 78.6%

Details

CWE: CWE-89
Status: published
Products (19)
taskfreak/taskfreak! 0.1
taskfreak/taskfreak! 0.1.2
taskfreak/taskfreak! 0.1.3
taskfreak/taskfreak! 0.1.4
taskfreak/taskfreak! 0.4.0
taskfreak/taskfreak! 0.4.1
taskfreak/taskfreak! 0.4.2
taskfreak/taskfreak! 0.5.0
taskfreak/taskfreak! 0.5.1
taskfreak/taskfreak! 0.5.2
... and 9 more
Published May 06, 2010
Tracked Since Feb 18, 2026