CVE-2010-2436

anecms_blog < 1.3 - SQL Injection via PATH_INFO

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2436. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in AneCMS 1.3, where user-supplied input is not properly sanitized before being used in SQL queries. The exploit example demonstrates how an attacker could inject arbitrary SQL code via a crafted URL.

Description

SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO.

Exploits (1)

exploitdb WRITEUP VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/34141

The provided text describes an SQL injection vulnerability in AneCMS 1.3, where user-supplied input is not properly sanitized before being used in SQL queries. The exploit example demonstrates how an attacker could inject arbitrary SQL code via a crafted URL.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: AneCMS 1.3
No auth needed
Prerequisites: Access to the vulnerable AneCMS instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40840
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511812/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59436

Scores

EPSS 0.0097
EPSS Percentile 57.3%

Details

CWE
CWE-89
Status published
Products (2)
anecms/anecms_blog 1.0
anecms/anecms_blog < 1.3
Published Jun 24, 2010
Tracked Since Feb 18, 2026