CVE-2012-5291

Posse Softball Director CMS - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5291. PoCs published by Easy Laster.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Posse Softball Director CMS via the 'idteam' parameter in team.php. It provides example URLs to confirm the vulnerability by testing true/false conditions.

Description

SQL injection vulnerability in team.php in Posse Softball Director CMS allows remote attackers to execute arbitrary SQL commands via the idteam parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Easy Laster · textwebappsphp

https://www.exploit-db.com/exploits/18320

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in Posse Softball Director CMS via the 'idteam' parameter in team.php. It provides example URLs to confirm the vulnerability by testing true/false conditions.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Posse Softball Director CMS 1.0

No auth needed

Prerequisites: Access to the vulnerable team.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/72135

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/51299

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18320

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/82483

Scores

EPSS 0.0112

EPSS Percentile 61.8%

Details

CWE

CWE-89

Status published

Products (1)

possesports/posse_softball_director_cms

Published Oct 04, 2012

Tracked Since Feb 18, 2026