CVE-2015-6962

Farol - SQL Injection via Email Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6962. PoCs published by Thierry Fernandes Faria.

AI-analyzed exploit summary This is a writeup describing an unauthenticated SQL injection vulnerability in the FAROL web application's login page. The vulnerability allows for error-based SQL injection via the 'email' parameter, potentially leaking database information.

Description

SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.

Exploits (1)

exploitdb WRITEUP
by Thierry Fernandes Faria · textwebappsphp
https://www.exploit-db.com/exploits/38213

This is a writeup describing an unauthenticated SQL injection vulnerability in the FAROL web application's login page. The vulnerability allows for error-based SQL injection via the 'email' parameter, potentially leaking database information.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: FAROL web application (all versions)
No auth needed
Prerequisites: Access to the vulnerable login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/133610/Farol-SQL-Injection.html
Exploit exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/38213/

Scores

EPSS 0.0210
EPSS Percentile 79.3%

Details

CWE
CWE-89
Status published
Products (1)
teiko/farol
Published Sep 17, 2015
Tracked Since Feb 18, 2026