CVE-2012-5698

HIGH

babygekko < 1.2.4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-5698.

AI-analyzed exploit summary: The advisory provides functional SQL injection, local file inclusion, and XSS PoCs for BabyGekko CMS. It includes detailed HTTP request examples demonstrating exploitation techniques such as file writes via SQLi and directory traversal via LFI.

Description

BabyGekko before 1.2.4 has SQL injection.

Exploits (1)

exploitdb WORKING POC
webapps php
https://www.exploit-db.com/exploits/22741

Classification: Working PoC 100%
Attack Type: SQLi | XSS | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: BabyGekko CMS 1.2.2e and prior
Auth required
Prerequisites: Administrator privileges or CSRF vector for SQLi · File write permissions for SQLi-based file creation · Directory traversal enabled for LFI
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/56523
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/80085

Scores

CVSS v3 8.8
EPSS 0.0175
EPSS Percentile 75.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
babygekko/babygekko < 1.2.4
Published Jan 23, 2020
Tracked Since Feb 18, 2026