CVE-2012-3350

Webmatic 3.1.1 - SQL Injection via Referer HTTP Header

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3350. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The advisory describes a blind SQL injection vulnerability in Webmatic 3.1.1 via the Referer HTTP header. Exploitation requires magic_quotes_gpc to be disabled and uses time-based techniques for verification.

Description

SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header.

Exploits (1)

exploitdb WRITEUP
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/19629

The advisory describes a blind SQL injection vulnerability in Webmatic 3.1.1 via the Referer HTTP header. Exploitation requires magic_quotes_gpc to be disabled and uses time-based techniques for verification.

Classification
Writeup 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Webmatic 3.1.1 and prior
No auth needed
Prerequisites: magic_quotes_gpc set to off
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23096
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76774
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/83538
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2012-07/0026.html
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/19629
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54287

Scores

EPSS 0.0293
EPSS Percentile 85.3%

Details

CWE
CWE-89
Status published
Products (1)
valarsoft/webmatic 3.1.1
Published Jul 12, 2012
Tracked Since Feb 18, 2026