CVE-2012-1294

CONTIMEX Impulsio CMS - SQL Injection via id Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1294. PoCs published by sonyy.

AI-analyzed exploit summary: The provided text describes an SQL injection vulnerability in Impulsio CMS, where user-supplied input is not properly sanitized before being used in SQL queries. The example URL demonstrates how an attacker could inject malicious SQL code via the 'id' parameter.

Description

SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by sonyy · text · webapps · php
https://www.exploit-db.com/exploits/36830

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Impulsio CMS
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/52063
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/73303

Scores

EPSS 0.0111
EPSS Percentile 61.7%

Details

CWE: CWE-89
Status: published
Products (1): contimex/impulsio_cms
Published: Feb 23, 2012
Tracked Since: Feb 18, 2026