CVE-2010-3482

Primitive CMS 1.0.9 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3482. PoCs published by Stephan Sattler.

AI-analyzed exploit summary The exploit details multiple vulnerabilities in Primitive CMS 1.0.9, including unauthorized access, HTML injection, and blind SQL injection. It provides vulnerable code snippets and PoC examples for SQL injection via POST parameters.

Description

Multiple SQL injection vulnerabilities in cms_write.php in Primitive CMS 1.0.9 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) title and (2) menutitle parameters. NOTE: this can be leveraged with CVE-2010-3483 to conduct attacks without authentication.

Exploits (1)

exploitdb WRITEUP

by Stephan Sattler · textwebappsphp

https://www.exploit-db.com/exploits/15064

View Code ZIP pw:eip

The exploit details multiple vulnerabilities in Primitive CMS 1.0.9, including unauthorized access, HTML injection, and blind SQL injection. It provides vulnerable code snippets and PoC examples for SQL injection via POST parameters.

Classification

Writeup 90%

Attack Type

Sqli | Auth Bypass | Xss

Complexity

Trivial

Reliability

Reliable

Target: Primitive CMS 1.0.9

No auth needed

Prerequisites: Access to the target CMS installation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/2458

Exploit x_refsource_misc

http://packetstormsecurity.org/1009-exploits/primitive-sqlxss.txt

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15064

Scores

EPSS 0.0092

EPSS Percentile 55.6%

Details

CWE

CWE-89

Status published

Products (1)

bouzouste/primitive_cms 1.0.9

Published Sep 22, 2010

Tracked Since Feb 18, 2026