CVE-2010-2354
Pilot Group eLMS Pro - SQL Injection via subscribe.php course_id Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2010-2354. PoCs published by Sid3^effects.
AI-analyzed exploit summary This is a technical writeup describing SQL injection and XSS vulnerabilities in eLMS Pro. It provides attack patterns and demo URLs but does not include functional exploit code.
Description
SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS Pro allows remote attackers to execute arbitrary SQL commands via the course_id parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Sid3^effects · textwebappsphp
https://www.exploit-db.com/exploits/13785
This is a technical writeup describing SQL injection and XSS vulnerabilities in eLMS Pro. It provides attack patterns and demo URLs but does not include functional exploit code.
Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target:
eLMS Pro
No auth needed
Prerequisites:
Access to the vulnerable application
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40163
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59296
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40677
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/13785
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1006-exploits/elms-sql-xss.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/65423
Scores
EPSS
0.0115
EPSS Percentile
62.7%
Details
CWE
CWE-89
Status
published
Products (1)
pilotgroup/elms_pro
Published
Jun 21, 2010
Tracked Since
Feb 18, 2026