CVE-2015-7570

HIGH

Yeager CMS 1.2.1 - Server-Side Request Forgery via dbhost Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-7570. PoCs published by SEC Consult.

AI-analyzed exploit summary This is a security advisory detailing multiple vulnerabilities in Yeager CMS 1.2.1, including SQL injection, arbitrary file upload, SSRF, and XSS. It provides proof-of-concept URLs and descriptions but does not contain executable exploit code.

Description

Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappsphp

https://www.exploit-db.com/exploits/39436

View Code ZIP pw:eip

This is a security advisory detailing multiple vulnerabilities in Yeager CMS 1.2.1, including SQL injection, arbitrary file upload, SSRF, and XSS. It provides proof-of-concept URLs and descriptions but does not contain executable exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Ssrf | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: Yeager CMS 1.2.1

No auth needed

Prerequisites: Access to the target Yeager CMS instance · Valid email address for password reset exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/537493/100/0/threaded

Exploit, Patch, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39436/

Exploit, Patch, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/135716/Yeager-CMS-1.2.1-File-Upload-SQL-Injection-XSS-SSRF.html

Mailing List, Patch, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2016/Feb/44

Scores

CVSS v3 7.2

EPSS 0.0603

EPSS Percentile 92.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Details

CWE

CWE-918

Status published

Products (1)

yeager/yeager_cms 1.2.1

Published Apr 24, 2017

Tracked Since Feb 18, 2026