CVE-2023-53926

CRITICAL

PHPJabbers Simple CMS 5.0 - SQL Injection

Title source: llm

Description

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information.

Exploits (1)

exploitdb WORKING POC

by Ahmet Ümit BAYRAM · textwebappsphp

https://www.exploit-db.com/exploits/51416

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/51416

[Product] https://www.phpjabbers.com/faq.php

[Third Party Advisory] https://www.vulncheck.com/advisories/phpjabbers-simple-cms-sql-injection-via-column-parameter

Scores

CVSS v3 9.8

EPSS 0.0038

EPSS Percentile 59.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (2)

PHPJabbers/Simple CMS 5.0

phpjabbers/simple_cms 5.0

Published Dec 17, 2025

Tracked Since Feb 18, 2026