The exploit demonstrates multiple vulnerabilities in Practico CMS 13.9, including SQL injection via POST parameters, XSS via GET parameters, and CSRF to add an admin user. It provides clear PoC examples for each vulnerability.
Classification: Working PoC 100%
Attack Type: SQLi | XSS | CSRF
Complexity: Trivial
Reliability: Reliable
Target: Practico CMS 13.9
No auth needed
Prerequisites: Network access to the target application · Victim interaction for XSS/CSRF