Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-2498. PoCs published by Doraemon.
AI-analyzed exploit summary
The document describes SQL injection (CVE-2013-2498) and cookie spoofing (CVE-2013-2499) vulnerabilities in Simple HRM system v2.3 and below. It details the vulnerable parameters, files, and attack vectors but does not include executable exploit code.
Description
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.