CVE-2010-4781

Enano CMS <1.1.8-1.1.7pl2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4781. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary: The document describes SQL injection and path disclosure vulnerabilities in Enano CMS 1.1.7pl1. It provides technical details on how user-supplied input in the 'email' and 'title' variables is improperly sanitized, leading to SQL injection and path disclosure.

Description

index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/15645

Classification: Writeup 90%
Attack Type: SQLi | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Enano CMS 1.1.7pl1
Auth required
Prerequisites: Access to the registration and login functionality of Enano CMS
devstral-2 · analyzed Feb 18, 2026

References (6)

Core References
Exploit · exploit · x_refsource_exploit-db
http://www.exploit-db.com/exploits/15645
Third Party Advisory · third-party-advisory · x_refsource_sreason
http://securityreason.com/securityalert/8183
Exploit · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/45120

Scores

EPSS 0.0302
EPSS Percentile 85.7%

Details

CWE CWE-200
Status published
Products (23)
enanocms/enano_cms 0.8.1
enanocms/enano_cms 0.8.2
enanocms/enano_cms 0.8.3
enanocms/enano_cms 0.8.4
enanocms/enano_cms 0.9.1
enanocms/enano_cms 0.9.2
enanocms/enano_cms 0.9.3
enanocms/enano_cms 1.0
enanocms/enano_cms 1.0.1
enanocms/enano_cms 1.0.2
... and 13 more
Published Apr 07, 2011
Tracked Since Feb 18, 2026