CVE-2013-6985
Enorth Webpublisher CMS < 5.0 - SQL Injection via thisday Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2013-6985. PoCs published by xin.wang.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Enorth Webpublisher via a crafted POST request to log_searchday.jsp. The payload extracts user credentials from the TN_USER table using Oracle's UTL_INADDR.get_host_name function.
Description
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
Exploits (1)
This exploit demonstrates an SQL injection vulnerability in Enorth Webpublisher via a crafted POST request to log_searchday.jsp. The payload extracts user credentials from the TN_USER table using Oracle's UTL_INADDR.get_host_name function.