CVE-2012-1778

CreateVision CMS - SQL Injection via artykul_print.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-1778. PoCs published by Zwierzchowski Oskar.

AI-analyzed exploit summary This Perl script exploits an SQL injection vulnerability in CreateVision CMS by injecting malicious SQL queries into the 'id' parameter of 'artykul_print.php'. It automates the extraction of database information, tables, columns, and user data.

Description

SQL injection vulnerability in artykul_print.php in CreateVision CMS allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Zwierzchowski Oskar · perlwebappsphp

https://www.exploit-db.com/exploits/36977

View Code ZIP pw:eip

This Perl script exploits an SQL injection vulnerability in CreateVision CMS by injecting malicious SQL queries into the 'id' parameter of 'artykul_print.php'. It automates the extraction of database information, tables, columns, and user data.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: CreateVision CMS (All Versions)

No auth needed

Prerequisites: Target URL with vulnerable 'artykul_print.php' endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/73483

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18525

Scores

EPSS 0.0027

EPSS Percentile 51.0%

Details

CWE

CWE-89

Status published

Products (1)

createvision/createvision_cms

Published Mar 19, 2012

Tracked Since Feb 18, 2026