Description
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by BHG Security Center · text · webapps · php
https://www.exploit-db.com/exploits/36522
exploitdb
WRITEUP
VERIFIED
by BHG Security Center · text · webapps · php
https://www.exploit-db.com/exploits/36523
exploitdb
WORKING POC
VERIFIED
by BHG Security Center · text · webapps · php
https://www.exploit-db.com/exploits/36521
References (3)
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/108438/atar2bcms-sql.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72234
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51317
Scores
EPSS: 0.0058
EPSS Percentile: 69.0%
Details
CWE: CWE-89
Status: published
Products (1): atar2b/atar2b_cms 4.0.1
Published: Oct 04, 2012
Tracked Since: Feb 18, 2026