CVE-2015-1467

Fork CMS < 3.8.6 - Authenticated SQL Injection via Translations Language or Type Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1467. PoCs published by Sven Schleier.

AI-analyzed exploit summary: The writeup describes a SQL injection vulnerability in Fork CMS version 3.8.5, where the 'language[]' and 'type[]' parameters in a GET request are vulnerable to boolean-based blind and stacked-query SQL injection. The vulnerability allows direct database access if exploited by an authenticated user.

Description

Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.

Exploits (1)

exploitdb WRITEUP
by Sven Schleier · text · webapps · php
https://www.exploit-db.com/exploits/36041

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Fork CMS 3.8.5
Auth required
Prerequisites: Authenticated user access · Network access to the target application
mistral-large-3 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534616/100/0/threaded
Vendor Advisory x_refsource_confirm
http://www.fork-cms.com/blog/detail/fork-3.8.6-released
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/100668

Scores

EPSS 0.0239
EPSS Percentile 82.0%

Details

CWE: CWE-89
Status: published
Products (1): fork-cms/fork_cms < 3.8.5
Published: Feb 06, 2015
Tracked Since: Feb 18, 2026