Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-4060. PoCs published by Farbod Mahini.
AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in XM Forum, detailing vulnerable endpoints and parameters. It lacks executable exploit code but serves as a technical advisory.
Description
Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) profile.asp, (2) forum.asp, or (3) topic.asp.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Farbod Mahini · textwebappsasp
https://www.exploit-db.com/exploits/37119
The provided text describes SQL injection vulnerabilities in XM Forum, detailing vulnerable endpoints and parameters. It lacks executable exploit code but serves as a technical advisory.
Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
XM Forum (version unspecified)
No auth needed
Prerequisites:
Access to vulnerable endpoints · Ability to craft malicious SQL queries
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/files/112259/ASP-DEv-XM-Forums-SQL-Injection.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53292
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75261
Scores
EPSS
0.0111
EPSS Percentile
61.9%
Details
CWE
CWE-89
Status
published
Products (1)
asp-dev/xm_forums
Published
Jul 25, 2012
Tracked Since
Feb 18, 2026