CVE-2012-4281
Travelon Express 6.2.2 - SQL Injection via Multiple Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-4281. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in Travelon Express CMS v6.2.2, including SQL injection, persistent XSS, and arbitrary file upload. It provides detailed PoC examples for each vulnerability, including specific endpoints and payloads.
Description
Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow remote attackers to execute arbitrary SQL commands via the hid parameter to (1) holiday.php or (2) holiday_book.php, (3) id parameter to pages.php, (4) fid parameter to admin/airline-edit.php, or (5) cid parameter to admin/customer-edit.php.