CVE-2015-1467
Fork CMS < 3.8.6 - Authenticated SQL Injection via Translations Language or Type Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-1467. PoCs published by Sven Schleier.
AI-analyzed exploit summary
The writeup describes a SQL injection vulnerability in Fork CMS version 3.8.5, where the 'language[]' and 'type[]' parameters in a GET request are prone to boolean-based blind and stacked-query SQL injection. If exploited by an authenticated user, the vulnerability allows direct database access.
Description
Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to private/en/locale/index.