CVE-2010-5057

CMS Ariadna 1.1 - SQL Injection via detResolucion.php tipodoc_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5057. PoCs published by Andrés Gómez.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in CMS Ariadna 2009 by injecting a malicious SQL query into the 'tipodoc_id' parameter. It extracts administrator credentials from the database and displays them to the attacker.

Description

SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 allows remote attackers to execute arbitrary SQL commands via the tipodoc_id parameter.

Exploits (1)

exploitdb WORKING POC
by Andrés Gómez · textwebappsphp
https://www.exploit-db.com/exploits/12301

This Perl script exploits a SQL injection vulnerability in CMS Ariadna 2009 by injecting a malicious SQL query into the 'tipodoc_id' parameter. It extracts administrator credentials from the database and displays them to the attacker.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: CMS Ariadna 2009
No auth needed
Prerequisites: A vulnerable instance of CMS Ariadna 2009 with exposed 'detResolucion.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57944
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39589
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0943
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39486
Exploit, Third Party Advisory x_refsource_misc
http://www.exploit-db.com/exploits/12301
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.org/1004-exploits/cmsariadna-sql.txt

Scores

EPSS 0.0241
EPSS Percentile 81.9%

Details

CWE
CWE-89
Status published
Products (1)
alephsystem/cms_ariadna 1.1
Published Nov 23, 2011
Tracked Since Feb 18, 2026