This is a functional SQL injection exploit targeting SIM-PKH 2.4.1 via the 'id' parameter in the admin/media.php endpoint. The payload uses a UNION-based injection to extract database information, including user, database name, and version.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:SIM-PKH 2.4.1
Auth required
Prerequisites:Access to the admin panel · Valid session cookie (PHPSESSID)