Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-4780. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary
The document describes SQL injection and path disclosure vulnerabilities in Enano CMS 1.1.7pl1. It provides technical details on how user-supplied input in the 'email' and 'title' variables is improperly sanitized, leading to SQL injection and path disclosure.
Description
SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.