CVE-2012-1026

EPSS 1.1%

Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/18467unverified exploitdbwww.exploit-db.com/exploits/18467unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://archives.neohapsis.com/archives/bugtraq/2012-02/0068.html https://exchange.xforce.ibmcloud.com/vulnerabilities/73000 http://sourceforge.net/tracker/?func=detail&aid=3488241&group_id=298778&atid=1260461 http://www.exploit-db.com/exploits/18467 http://www.securityfocus.com/bid/51870