CVE-2019-16065

HIGH

Enigma NMS < 65.0.0 - SQL Injection via manage_hosts_short.cgi search_pattern Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-16065. PoCs published by xerubus.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Enigma NMS via the 'search_pattern' parameter in a GET request. The payload uses a time-based SQLi technique (SLEEP(5)) to confirm the vulnerability.

Description

A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows an attacker to execute SQL commands to expose and compromise the web server, expose database tables and values, and potentially execute system-based commands as the mysql user. This affects the search_pattern value of the manage_hosts_short.cgi script.

Exploits (1)

exploitdb WORKING POC

by xerubus · textwebappsmultiple

https://www.exploit-db.com/exploits/47365

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in Enigma NMS via the 'search_pattern' parameter in a GET request. The payload uses a time-based SQLi technique (SLEEP(5)) to confirm the vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Enigma NMS 65.0.0

No auth needed

Prerequisites: Access to the Enigma NMS web interface

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.mogozobo.com/?p=3647

Scores

CVSS v3 8.8

EPSS 0.0281

EPSS Percentile 84.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

netsas/enigma_network_management_solution < 65.0.0

Published Mar 19, 2020

Tracked Since Feb 18, 2026