CVE-2015-1423

Gecko CMS 2.2-2.3 - Authenticated SQL Injection via Admin Index Parameters

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1423. PoCs published by LiquidWorm.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in Gecko CMS 2.3, including CSRF for admin creation, stored and reflected XSS, and SQL injection. It provides specific payloads and parameters for exploitation.

Description

Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · text · webapps · php
https://www.exploit-db.com/exploits/35767

Classification: Working PoC 100%
Attack Type: XSS | SQLi | CSRF
Complexity: Trivial
Reliability: Reliable
Target: Gecko CMS 2.3 and 2.2
Auth required
Prerequisites: Access to admin interface · Valid session for CSRF
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/35767
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99976
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/show/osvdb/116968

Scores

EPSS 0.0180
EPSS Percentile 75.6%

Details

CWE: CWE-89
Status: published
Products (2):
jakweb/gecko_cms 2.2
jakweb/gecko_cms 2.3
Published: Jan 29, 2015
Tracked Since: Feb 18, 2026