CVE-2011-5111

Kajian Website CMS Balitbang 3.x - SQL Injection via Hal Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-5111. PoCs published by X-Cisadane.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in CMS Balitbang, where the 'id' and 'hal' parameters in the URL are not properly sanitized. This allows an attacker to inject malicious SQL queries, potentially compromising the application or underlying database.

Description

Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang 3.x allow remote attackers to execute arbitrary SQL commands via the hal parameter to (1) the data module in alumni.php; or the (2) lih_buku, (3) artikel, (4) album, or (5) berita module in index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by X-Cisadane · text · webapps · php
https://www.exploit-db.com/exploits/36350

The provided text describes a SQL injection vulnerability in CMS Balitbang, where the 'id' and 'hal' parameters in the URL are not properly sanitized. This allows an attacker to inject malicious SQL queries, potentially compromising the application or underlying database.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: CMS Balitbang (version not specified)
No auth needed
Prerequisites: Access to the target application URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by X-Cisadane · text · webapps · php
https://www.exploit-db.com/exploits/36351

The provided text describes a SQL injection vulnerability in CMS Balitbang, where user-supplied input is not properly sanitized in the 'alumni.php' script. The example URL demonstrates how an attacker could inject malicious SQL queries via the 'id', 'tahun', and 'hal' parameters.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: CMS Balitbang (version not specified)
No auth needed
Prerequisites: Access to the vulnerable 'alumni.php' endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/50797
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71466

Scores

EPSS 0.0112
EPSS Percentile 61.8%

Details

CWE: CWE-89
Status: published
Products (1): kajianwebsite/cms_balitbang 3.0
Published: Aug 23, 2012
Tracked Since: Feb 18, 2026