CVE-2015-2803
Akronymmanager < 0.5.0 - Authenticated SQL Injection via id Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-2803. PoCs published by RedTeam Pentesting.
AI-analyzed exploit summary: The advisory describes an SQL injection vulnerability in the TYPO3 extension 'Akronymmanager' (sb_akronymmanager) version <=0.5.0. The vulnerability allows authenticated attackers to inject SQL statements via the 'id' GET parameter, leading to potential data leakage or privilege escalation.
Description
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.