Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-5699.
AI-analyzed exploit summary: The advisory provides functional SQL injection, local file inclusion, and XSS proof-of-concept exploits for BabyGekko CMS. It includes detailed payloads and attack vectors, demonstrating the vulnerabilities with clear technical examples.
Description
BabyGekko before 1.2.4 allows PHP file inclusion.
Exploits (1)
exploitdb
WORKING POC
webapps · php
https://www.exploit-db.com/exploits/22741
Classification
Working PoC 100%
Attack Type
SQLi | XSS | Info Leak
Complexity
Moderate
Reliability
Reliable
Target:
BabyGekko CMS 1.2.2e and prior
Auth required
Prerequisites:
Administrator privileges or CSRF vector for SQLi · Local file inclusion requires file write permissions
MITRE ATT&CK
devstral-2 · analyzed Feb 19, 2026
References (2)
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.securityfocus.com/bid/56523
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/80086
Scores
CVSS v3
9.8
EPSS
0.0780
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
babygekko/babygekko
< 1.2.4
Published
Jan 23, 2020
Tracked Since
Feb 18, 2026