CVE-2010-2316

wmscms < 2.0 - Cross-Site Scripting via search, sbr, p, or sbl Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2316. PoCs published by Ariko-Security.

AI-analyzed exploit summary This advisory details XSS and SQL injection vulnerabilities in WMSCMS, specifically in the 'default.asp' and 'printpage.asp' files. It identifies multiple parameters that are not properly sanitized, leading to potential exploitation.

Description

Multiple cross-site scripting (XSS) vulnerabilities in default.asp in WmsCms 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search, (2) sbr, (3) p, and (4) sbl parameters, different vectors than CVE-2007-3137.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ariko-Security · textwebappsphp

https://www.exploit-db.com/exploits/13739

View Code ZIP pw:eip

This advisory details XSS and SQL injection vulnerabilities in WMSCMS, specifically in the 'default.asp' and 'printpage.asp' files. It identifies multiple parameters that are not properly sanitized, leading to potential exploitation.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: WMSCMS (all versions)

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1361

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40593

Exploit x_refsource_misc

http://www.exploit-db.com/exploits/13739

Scores

EPSS 0.0296

EPSS Percentile 85.4%

Details

CWE

CWE-79

Status published

Products (1)

wmsdesign/wmscms < 2.0

Published Jun 17, 2010

Tracked Since Feb 18, 2026