CVE-2012-1026

XRay CMS 1.1.1 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED

by chap0 · textwebappsphp

https://www.exploit-db.com/exploits/18467

View Code ZIP pw:eip

References (5)

Core 5

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51870

Third Party Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-02/0068.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/73000

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18467

Product x_refsource_misc

http://sourceforge.net/tracker/?func=detail&aid=3488241&group_id=298778&atid=1260461

Scores

EPSS 0.0017

EPSS Percentile 37.7%

Details

CWE

CWE-89

Status published

Products (1)

johannes_ekberg/xray_cms 1.1.1

Published Feb 08, 2012

Tracked Since Feb 18, 2026