CVE-2020-29280

CRITICAL

Victor CMS 1.0 - SQL Injection via Search Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29280. PoCs published by screetsec.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Victor CMS 1.0 via the 'search' parameter in search.php. It includes a functional payload and a Burp Suite request example to extract database information.

Description

The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.

Exploits (1)

exploitdb WORKING POC

by screetsec · textwebappsphp

https://www.exploit-db.com/exploits/48734

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in Victor CMS 1.0 via the 'search' parameter in search.php. It includes a functional payload and a Burp Suite request example to extract database information.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Victor CMS 1.0

No auth needed

Prerequisites: Access to the search.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://github.com/BigTiger2020/Victor-CMS-/blob/main/README.md

View Writeup ZIP pw:eip

Third Party Advisory x_refsource_misc

https://github.com/VictorAlagwu/CMSsite/issues/13

Third Party Advisory, VDB Entry x_refsource_misc

https://www.exploit-db.com/exploits/48734

Scores

CVSS v3 9.8

EPSS 0.0187

EPSS Percentile 76.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

victor_cms_project/victor_cms 1.0

Published Dec 02, 2020

Tracked Since Feb 18, 2026