Description
SQL injection vulnerability in index.php in Energine, possibly 2.3.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the NRGNSID cookie.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/15327
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/514494/100/0/threaded
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41973
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15327
Scores
EPSS
0.0037
EPSS Percentile
59.1%
Details
CWE
CWE-89
Status
published
Products (3)
energine/energine
2.1
energine/energine
2.2
energine/energine
< 2.3.8
Published
Nov 05, 2010
Tracked Since
Feb 18, 2026