CVE-2015-1372

ferretCMS 1.0.4-alpha - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1372.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in ferretCMS v1.0.4-alpha, including stored/reflected XSS, SQL injection, and arbitrary file upload. It provides specific URLs and payloads for exploitation but does not include functional exploit code.

Description

SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php.

Exploits (1)

exploitdb WRITEUP
webapps / php
https://www.exploit-db.com/exploits/35914

Classification: Writeup 100%
Attack Type: XSS | SQLi | Other
Complexity: Trivial
Reliability: Reliable
Target: ferretCMS v1.0.4-alpha
No auth needed
Prerequisites: Access to the administrative backend for some vulnerabilities
devstral-2 · analyzed Feb 19, 2026

References (5)

Core References
Issue Tracking x_refsource_confirm
https://github.com/JRogaishio/ferretCMS/issues/63
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/72287
Exploit mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/01/23/3
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/98

Scores

EPSS 0.0236
EPSS Percentile 81.5%

Details

CWE
CWE-89
Status published
Products (1)
ferretcms_project/ferretcms 1.0.4 alpha
Published Jan 27, 2015
Tracked Since Feb 18, 2026