CVE-2010-3458

Symphony CMS <2.1.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3458. PoCs published by JosS.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Symphony CMS 2.0.7, including SQL injection, XSS, and cookie manipulation via POST parameters. The PoC provides specific payloads for each vulnerability type.

Description

SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC

by JosS · textwebappsphp

https://www.exploit-db.com/exploits/14968

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Symphony CMS 2.0.7, including SQL injection, XSS, and cookie manipulation via POST parameters. The PoC provides specific payloads for each vulnerability type.

Classification

Working Poc 90%

Attack Type

Sqli | Xss | Other

Complexity

Trivial

Reliability

Reliable

Target: Symphony CMS 2.0.7

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK