CVE-2010-5318

SweetRice CMS < 0.6.7.1 - Unauthenticated Password Reset via Email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5318. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary: The exploit demonstrates a logic error in SweetRice CMS 0.6.7 allowing an attacker to reset the admin password via a crafted POST request. It also includes PoCs for XSS and SQL injection vulnerabilities in the same software.

Description

The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by High-Tech Bridge SA · text · webapps · php
https://www.exploit-db.com/exploits/15413

Classification: Working PoC (90%)
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: SweetRice CMS 0.6.7
Authentication: No auth needed
Prerequisites: knowledge of admin email address
Analysis: devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0176
EPSS Percentile: 75.0%

Details

CWE: CWE-255
Status: published
Products (1): basic-cms/sweetrice 0.6.7.1
Published: Jan 03, 2015
Tracked Since: Feb 18, 2026