CVE-2012-1217

STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter


Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-1217. PoCs published by Liyan Oz.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in STHS v2 Web Portal 2.2, where the 'team' parameter in 'team.php' is vulnerable due to insufficient input sanitization. The exploit details are conceptual, lacking actual PoC code or payloads.

Description

Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Liyan Oz · text · webapps · php
https://www.exploit-db.com/exploits/36771

The provided text describes a SQL injection vulnerability in STHS v2 Web Portal 2.2, where the 'team' parameter in 'team.php' is vulnerable due to insufficient input sanitization. The exploit details are conceptual, lacking actual PoC code or payloads.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: STHS v2 Web Portal 2.2
No auth needed
Prerequisites: Access to the vulnerable 'team.php' endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Liyan Oz · text · webapps · php
https://www.exploit-db.com/exploits/36769

The provided text describes a SQL injection vulnerability in STHS v2 Web Portal 2.2, where the 'team' parameter in 'prospects.php' is not properly sanitized. It includes a basic example of an exploitable URL but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: STHS v2 Web Portal 2.2
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by Liyan Oz · text · webapps · php
https://www.exploit-db.com/exploits/36770

The provided text describes a SQL injection vulnerability in STHS v2 Web Portal 2.2, where the 'team' parameter in 'prospect.php' is vulnerable due to insufficient input sanitization. It includes a basic example URL but lacks actual exploit code or payload details.

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: STHS v2 Web Portal 2.2
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0165
EPSS Percentile: 73.5%

Details

CWE: CWE-79
Status: published
Products (1): simhl/sths_v2_web_portal 2.2
Published: Feb 21, 2012
Tracked Since: Feb 18, 2026