Description
SQL injection vulnerability in firma.php in Bartels Schone ConPresso 4.0.7 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Gamoscu · textwebappsphp
https://www.exploit-db.com/exploits/12684
References (4)
Core 4
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/12684
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40335
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58798
Exploit x_refsource_misc
http://packetstormsecurity.org/1005-exploits/conpresso407-sql.txt
Scores
EPSS
0.0072
EPSS Percentile
72.6%
Details
CWE
CWE-89
Status
published
Products (1)
bartels-schoene/conpresso
4.0.7
Published
Jun 01, 2010
Tracked Since
Feb 18, 2026