CVE-2013-6058

appRain CMF < 3.0.2 - SQL Injection via PATH_INFO to blog-by-cat/

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-6058. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This advisory describes a blind SQL injection vulnerability in appRain 3.0.2, where insufficient validation of user-supplied data in the '/blog-by-cat/' URL parameter allows arbitrary SQL command execution. The example provided demonstrates conditional query manipulation to infer database information.

Description

SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.

Exploits (1)

exploitdb WRITEUP

by High-Tech Bridge SA · textwebappsphp

https://www.exploit-db.com/exploits/29514

View Code ZIP pw:eip

This advisory describes a blind SQL injection vulnerability in appRain 3.0.2, where insufficient validation of user-supplied data in the '/blog-by-cat/' URL parameter allows arbitrary SQL command execution. The example provided demonstrates conditional query manipulation to infer database information.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: appRain 3.0.2 and prior

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2013-11/0026.html

Exploit x_refsource_misc

http://packetstormsecurity.com/files/123929

Exploit x_refsource_misc

https://www.htbridge.com/advisory/HTB23177

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/62937

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/29514

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/88581

Scores

EPSS 0.0248

EPSS Percentile 82.5%

Details

CWE

CWE-89

Status published

Products (9)

apprain/apprain 0.1.0

apprain/apprain 0.1.1

apprain/apprain 0.1.2

apprain/apprain 0.1.3

apprain/apprain 0.1.4

apprain/apprain 0.1.5

apprain/apprain 0.2.1.1

apprain/apprain 3.0.1

apprain/apprain < 3.0.2

Published Nov 14, 2013

Tracked Since Feb 18, 2026