CVE-2022-24223

CRITICAL NUCLEI

AtomCMS 2.0 - SQL Injection via Admin Login Endpoint

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-24223. PoCs published by Luca Cuzzolin. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in AtomCMS v2.0, specifically time-based blind and UNION-based SQLi via the 'email' parameter in the admin login form. The payloads include SLEEP-based delays and data extraction via UNION queries.

Description

AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.

Exploits (1)

exploitdb WORKING POC
by Luca Cuzzolin · textwebappsphp
https://www.exploit-db.com/exploits/50727

This exploit demonstrates SQL injection vulnerabilities in AtomCMS v2.0, specifically time-based blind and UNION-based SQLi via the 'email' parameter in the admin login form. The payloads include SLEEP-based delays and data extraction via UNION queries.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: AtomCMS v2.0
No auth needed
Prerequisites: Access to the admin login page · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Atom CMS v2.0 - SQL Injection
CRITICALVERIFIEDby theamanrawat

References (2)

Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/thedigicraft/Atom.CMS/issues/255
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/165922/Atom-CMS-2.0-SQL-Injection.html

Scores

CVSS v3 9.8
EPSS 0.6197
EPSS Percentile 99.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
thedigitalcraft/atomcms 2.0
Published Feb 01, 2022
Tracked Since Feb 18, 2026