CVE-2012-3791
Cms-center Simple Web Content Management System - SQL Injection
Title source: ruleDescription
Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by loneferret · textwebappsphp
https://www.exploit-db.com/exploits/18955
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53749
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/82414
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18955
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/82412
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/82413
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75999
Scores
EPSS
0.0144
EPSS Percentile
80.8%
Details
CWE
CWE-89
Status
published
Products (1)
cms-center/simple_web_content_management_system
1.1
Published
Jun 21, 2012
Tracked Since
Feb 18, 2026