CVE-2010-2317

WmsCms < 2.0 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2317. PoCs published by Ariko-Security.

AI-analyzed exploit summary This advisory details XSS and SQL injection vulnerabilities in WMSCMS, specifically in the 'default.asp' and 'printpage.asp' files. It identifies multiple parameters that are not properly sanitized, leading to potential exploitation.

Description

Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search, (2) sbr, (3) pid, (4) sbl, and (5) FilePath parameters to default.asp; and the (6) sbr, (7) pr, and (8) psPrice parameters to printpage.asp.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ariko-Security · textwebappsphp

https://www.exploit-db.com/exploits/13739

View Code ZIP pw:eip

This advisory details XSS and SQL injection vulnerabilities in WMSCMS, specifically in the 'default.asp' and 'printpage.asp' files. It identifies multiple parameters that are not properly sanitized, leading to potential exploitation.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: WMSCMS (all versions)

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://www.ariko-security.com/june2010/audyt_bezpieczenstwa_692.html

Exploit x_refsource_misc

http://www.exploit-db.com/exploits/13739/

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1361

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40591

Scores

EPSS 0.0200

EPSS Percentile 78.2%

Details

CWE

CWE-89

Status published

Products (1)

wmsdesign/wmscms < 2.0

Published Jun 17, 2010

Tracked Since Feb 18, 2026