Exploitation Summary
EIP tracks 1 public exploit for CVE-2017-15970. PoCs published by Ihsan Sencan.
AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in PHP CityPortal 2.0. It provides details on the vulnerable parameter and example payloads for exploitation.
Description
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
Exploits (1)
exploitdb
WRITEUP
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/43089
This is a writeup describing a SQL injection vulnerability in PHP CityPortal 2.0. It provides details on the vulnerable parameter and example payloads for exploitation.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
PHP CityPortal 2.0
No auth needed
Prerequisites:
Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/144440/PHP-CityPortal-2.0-SQL-Injection.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/43089/
Scores
CVSS v3
9.8
EPSS
0.0220
EPSS Percentile
80.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
phpcityportal/phpcityportal
2.0
Published
Oct 29, 2017
Tracked Since
Feb 18, 2026