CVE-2011-5031
cApexWEB 1.1 - SQL Injection via dfuserid and dfpassword Parameters
Exploitation Summary
EIP tracks 1 public exploit for CVE-2011-5031. PoCs published by D1rt3 Dud3.
AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in cApexWEB, allowing authentication bypass via crafted credentials. The provided payload bypasses login by manipulating the SQL query logic.
Description
Multiple SQL injection vulnerabilities in servlet/capexweb.parentvalidatepassword in cApexWEB 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) dfuserid and (2) dfpassword parameters. NOTE: some of these details are obtained from third party information.