CVE-2010-4894

chillyCMS 1.1.3 - SQL Injection via Name Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4894. PoCs published by AmnPardaz.

AI-analyzed exploit summary This is a vulnerability writeup describing SQL injection and reflective XSS vulnerabilities in chillyCMS version 1.1.3. It includes proof-of-concept vectors for both vulnerabilities but does not contain executable exploit code.

Description

SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by AmnPardaz · textwebappsphp

https://www.exploit-db.com/exploits/14897

View Code ZIP pw:eip

This is a vulnerability writeup describing SQL injection and reflective XSS vulnerabilities in chillyCMS version 1.1.3. It includes proof-of-concept vectors for both vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: chillyCMS 1.1.3

No auth needed

Prerequisites: access to the login page of the target application

MITRE ATT&CK