CVE-2012-5348

MangosWeb Enhanced 3.0.3 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5348. PoCs published by Hood3dRob1n.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in MangosWeb Enhanced Version 3.0.3, allowing unauthorized extraction of database information, user credentials, and MySQL user privileges via POST requests to the login form.

Description

SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote attackers to execute arbitrary SQL commands via the login parameter in a login action to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hood3dRob1n · textwebappsphp
https://www.exploit-db.com/exploits/18335

This exploit demonstrates a SQL injection vulnerability in MangosWeb Enhanced Version 3.0.3, allowing unauthorized extraction of database information, user credentials, and MySQL user privileges via POST requests to the login form.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: MangosWeb Enhanced Version 3.0.3
No auth needed
Prerequisites: Access to the login form of the target application · Ability to intercept and modify HTTP requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/18335
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/51314
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/72231
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47468

Scores

EPSS 0.0105
EPSS Percentile 59.9%

Details

CWE
CWE-89
Status published
Products (1)
wilson_steven/mangosweb_enhanced 3.0.3
Published Oct 09, 2012
Tracked Since Feb 18, 2026