CVE-2010-2615

grafik_cms 1.1.2 - Cross-Site Scripting via page_menu and description Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2615. PoCs published by 10n1z3d.

AI-analyzed exploit summary This exploit demonstrates multiple CSRF vulnerabilities in Grafik CMS 1.1.2, allowing attackers to change admin passwords, create admin users, delete users/pages, and log out administrators via crafted HTML forms or image tags.

Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by 10n1z3d · htmlwebappsphp
https://www.exploit-db.com/exploits/14342

This exploit demonstrates multiple CSRF vulnerabilities in Grafik CMS 1.1.2, allowing attackers to change admin passwords, create admin users, delete users/pages, and log out administrators via crafted HTML forms or image tags.

Classification
Working Poc 100%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Grafik CMS 1.1.2
No auth needed
Prerequisites: Victim must be authenticated as an admin and visit the malicious page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1629
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512072/100/0/threaded

Scores

EPSS 0.0145
EPSS Percentile 70.0%

Details

CWE
CWE-79
Status published
Products (2)
grafik-power/grafik_cms 1.1.1
grafik-power/grafik_cms < 1.1.2
Published Jul 02, 2010
Tracked Since Feb 18, 2026