← back
CVE-2019-9053

CVE-2019-9053

EPSS 56.0%
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Affected products
n/a · n/a
public PoCs found50
githubgithub.com/e-renna/CVE-2019-905311githubgithub.com/Mahamedm/CVE-2019-9053-Exploit-Python-38githubgithub.com/Dh4nuJ4/SimpleCTF-UpdatedExploit6githubgithub.com/ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit5githubgithub.com/Azrenom/CMS-Made-Simple-2.2.9-CVE-2019-90533githubgithub.com/h3x0v3rl0rd/CVE-2019-90533githubgithub.com/JagdeepSinghCeh/cms-made-simple-python32githubgithub.com/TeymurNovruzov/CVE-2019-9053-python3-remastered1githubgithub.com/d3athcod3/46635.py_CVE-2019-90531githubgithub.com/rideckszz/poc-CVE-2019-90531githubgithub.com/Perseus99999/CVE-2019-9053-working-1githubgithub.com/fernandobortotti/CVE-2019-90531githubgithub.com/paulameg/SimpleCTF-THM-Walkthrough1githubgithub.com/Yzhacker/CVE-2019-9053-CMS46635-python30githubgithub.com/hf3cyber/CMS-Made-Simple-2.2.9-Unauthenticated-SQL-Injection-Exploit-CVE-2019-9053-0githubgithub.com/so1icitx/CVE-2019-90530githubgithub.com/del0x3/CVE-2019-9053-port-py30githubgithub.com/kaizoku73/CVE-2019-90530githubgithub.com/Hackheart-tech/-exploit-lab0githubgithub.com/Kalidas-7/CVE-2019-90530githubgithub.com/Boon-Rekcah/CMS-Made-Simple-2.2.9-CVE-2019-90530githubgithub.com/Slayerma/-CVE-2019-90530githubgithub.com/CaelumIsMe/CVE-2019-9053-POC0githubgithub.com/Praditha29/Simple-CTF-THM-Writeup0githubgithub.com/tim-karov/cmsms-sqli0githubgithub.com/pasan2002/CVE-2019-9053---CMS-Made-Simple-SQL-Injection-Exploit-Modified-0githubgithub.com/iTzR1g/CVE-2019-90530githubgithub.com/coolkiee/CVE-2019-90530githubgithub.com/killukeren/-CVE-2019-90530githubgithub.com/jyothsna-Git007/CMS-Made-Simple-2.2.10---SQL-Injection0githubgithub.com/v4rr10r/CVE-2019-90530githubgithub.com/ImperialX1104/Simple-CTF-Writeup0githubgithub.com/Jeanback1/CVE-2019-9053-exploit0githubgithub.com/vadaysakiv/cve-2019-90530githubgithub.com/maraspiras/46635.py0githubgithub.com/zmiddle/Simple_CMS_SQLi0githubgithub.com/im-suman-roy/CVE-2019-90530githubgithub.com/bthnrml/guncel-cve-2019-9053.py0githubgithub.com/kahluri/CVE-2019-90530githubgithub.com/byrek/CVE-2019-90530githubgithub.com/davcwikla/CVE-2019-9053-exploit0githubgithub.com/BjarneVerschorre/CVE-2019-90530githubgithub.com/Jason-Siu/CVE-2019-9053-Exploit-in-Python-30githubgithub.com/0xftorres/CVE-2019-9053-Fixed0githubgithub.com/jtoalu/CTF-CVE-2019-9053-GTFOBins0githubgithub.com/Ap0cryph1c/CVE-2019-90530githubgithub.com/rgkue/mysqli0cve_referencewww.exploit-db.com/exploits/46635/unverifiedexploitdbwww.exploit-db.com/exploits/46635unverifiedcve_referencepacketstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.htmlhttps://github.com/Perseus99999/CVE-2019-9053-working-/blob/main/exploit.pyhttps://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwghttps://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzumhttps://www.exploit-db.com/exploits/46635/