CVE-2012-5342

SenseSites CommonSense CMS - SQL Injection

Exploitation Summary

EIP tracks 3 public exploits for CVE-2012-5342. PoCs published by H4ckCity Security Team.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in CommonSense CMS, where the 'id' parameter in 'special.php' is not properly sanitized. It references a SecurityFocus BID but lacks actual exploit code or technical details.

Description

Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) special.php, (2) article.php, or (3) cat2.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by H4ckCity Security Team · text · webapps · php
https://www.exploit-db.com/exploits/37941

The provided text describes a SQL injection vulnerability in CommonSense CMS, where the 'id' parameter in 'special.php' is not properly sanitized. It references a SecurityFocus BID but lacks actual exploit code or technical details.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: CommonSense CMS (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by H4ckCity Security Team · text · webapps · php
https://www.exploit-db.com/exploits/37940

The provided text describes a SQL injection vulnerability in CommonSense CMS, where the 'id' parameter in 'cat2.php' is not properly sanitized. It references a security advisory but does not include actual exploit code or technical details for execution.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: CommonSense CMS
No auth needed
Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by H4ckCity Security Team · text · webapps · php
https://www.exploit-db.com/exploits/37942

The provided text describes a SQL injection vulnerability in CommonSense CMS, where user-supplied input is not properly sanitized before being used in SQL queries. The example URL demonstrates a potential injection point via the 'id' parameter.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: CommonSense CMS
No auth needed
Prerequisites: Access to the vulnerable application endpoint
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72158

Scores

EPSS 0.0106
EPSS Percentile 60.1%

Details

CWE: CWE-89
Status: published
Products (1): michau_enterprises_llc/commonsense_cms
Published: Oct 09, 2012
Tracked Since: Feb 18, 2026