Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-5167.
AI-analyzed exploit summary
The exploit demonstrates multiple vulnerabilities in AContent 1.2, including SQL injection via unsanitized POST parameters, improper authentication allowing password changes, and XSS via GET parameters. Functional PoC forms and URLs are provided for each vulnerability.
Description
Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 allow remote attackers to execute arbitrary SQL commands via the (1) field parameter to course_category/index_inline_editor_submit.php or (2) user/index_inline_editor_submit.php; or (3) id parameter to user/user_password.php.