CVE-2015-7568

CRITICAL

Yeager CMS 1.2.1 - SQL Injection via Password Recovery UserEmail Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7568. PoCs published by SEC Consult.

AI-analyzed exploit summary: This is a security advisory detailing multiple vulnerabilities in Yeager CMS 1.2.1, including SQL injection, arbitrary file upload, SSRF, and XSS. It provides proof-of-concept URLs and descriptions but does not contain executable exploit code.

Description

SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.

Exploits (1)

exploitdb WRITEUP
by SEC Consult · text · webapps · php
https://www.exploit-db.com/exploits/39436

Classification: Writeup 100%
Attack Type: SQLi | XSS | SSRF | Info Leak | Auth Bypass
Complexity: Moderate
Reliability: Theoretical
Target: Yeager CMS 1.2.1
No auth needed
Prerequisites: Access to the target Yeager CMS instance · Valid email address for password reset exploitation
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/537493/100/0/threaded
Exploit, Patch, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/39436/
Exploit, Patch, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/Feb/44

Scores

CVSS v3 9.8
EPSS 0.0585
EPSS Percentile 90.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1)
yeager/yeager_cms 1.2.1
Published Apr 24, 2017
Tracked Since Feb 18, 2026