CVE-2012-5894

Havalite Cms < 1.1.0 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the postId parameter.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/18772

View Code ZIP pw:eip

References (4)

[Exploit] http://packetstormsecurity.org/files/111358/Havalite-CMS-Shell-Upload-SQL-Injection-Disclosure.html

[Vendor Advisory] http://secunia.com/advisories/48646

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74487

[Third Party Advisory, VDB Entry] http://osvdb.org/80769

Scores

EPSS 0.0165

EPSS Percentile 82.1%

Details

CWE

CWE-89

Status published

Products (1)

havalite/cms < 1.1.0

Published Nov 17, 2012

Tracked Since Feb 18, 2026