CVE-2019-9053
CVE-2019-9053
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Productos afectados
n/a · n/aPoCs públicas encontradas — 50
githubgithub.com/e-renna/CVE-2019-9053★ 11githubgithub.com/Mahamedm/CVE-2019-9053-Exploit-Python-3★ 8githubgithub.com/Dh4nuJ4/SimpleCTF-UpdatedExploit★ 6githubgithub.com/ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit★ 5githubgithub.com/Azrenom/CMS-Made-Simple-2.2.9-CVE-2019-9053★ 3githubgithub.com/h3x0v3rl0rd/CVE-2019-9053★ 3githubgithub.com/JagdeepSinghCeh/cms-made-simple-python3★ 2githubgithub.com/TeymurNovruzov/CVE-2019-9053-python3-remastered★ 1githubgithub.com/d3athcod3/46635.py_CVE-2019-9053★ 1githubgithub.com/rideckszz/poc-CVE-2019-9053★ 1githubgithub.com/Perseus99999/CVE-2019-9053-working-★ 1githubgithub.com/fernandobortotti/CVE-2019-9053★ 1githubgithub.com/paulameg/SimpleCTF-THM-Walkthrough★ 1githubgithub.com/Yzhacker/CVE-2019-9053-CMS46635-python3★ 0githubgithub.com/hf3cyber/CMS-Made-Simple-2.2.9-Unauthenticated-SQL-Injection-Exploit-CVE-2019-9053-★ 0githubgithub.com/so1icitx/CVE-2019-9053★ 0githubgithub.com/del0x3/CVE-2019-9053-port-py3★ 0githubgithub.com/kaizoku73/CVE-2019-9053★ 0githubgithub.com/Hackheart-tech/-exploit-lab★ 0githubgithub.com/Kalidas-7/CVE-2019-9053★ 0githubgithub.com/Boon-Rekcah/CMS-Made-Simple-2.2.9-CVE-2019-9053★ 0githubgithub.com/Slayerma/-CVE-2019-9053★ 0githubgithub.com/CaelumIsMe/CVE-2019-9053-POC★ 0githubgithub.com/Praditha29/Simple-CTF-THM-Writeup★ 0githubgithub.com/tim-karov/cmsms-sqli★ 0githubgithub.com/pasan2002/CVE-2019-9053---CMS-Made-Simple-SQL-Injection-Exploit-Modified-★ 0githubgithub.com/iTzR1g/CVE-2019-9053★ 0githubgithub.com/coolkiee/CVE-2019-9053★ 0githubgithub.com/killukeren/-CVE-2019-9053★ 0githubgithub.com/jyothsna-Git007/CMS-Made-Simple-2.2.10---SQL-Injection★ 0githubgithub.com/v4rr10r/CVE-2019-9053★ 0githubgithub.com/ImperialX1104/Simple-CTF-Writeup★ 0githubgithub.com/Jeanback1/CVE-2019-9053-exploit★ 0githubgithub.com/vadaysakiv/cve-2019-9053★ 0githubgithub.com/maraspiras/46635.py★ 0githubgithub.com/zmiddle/Simple_CMS_SQLi★ 0githubgithub.com/im-suman-roy/CVE-2019-9053★ 0githubgithub.com/bthnrml/guncel-cve-2019-9053.py★ 0githubgithub.com/kahluri/CVE-2019-9053★ 0githubgithub.com/byrek/CVE-2019-9053★ 0githubgithub.com/davcwikla/CVE-2019-9053-exploit★ 0githubgithub.com/BjarneVerschorre/CVE-2019-9053★ 0githubgithub.com/Jason-Siu/CVE-2019-9053-Exploit-in-Python-3★ 0githubgithub.com/0xftorres/CVE-2019-9053-Fixed★ 0githubgithub.com/jtoalu/CTF-CVE-2019-9053-GTFOBins★ 0githubgithub.com/Ap0cryph1c/CVE-2019-9053★ 0githubgithub.com/rgkue/mysqli★ 0cve_referencewww.exploit-db.com/exploits/46635/no verificadoexploitdbwww.exploit-db.com/exploits/46635no verificadocve_referencepacketstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.htmlno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.htmlhttps://github.com/Perseus99999/CVE-2019-9053-working-/blob/main/exploit.pyhttps://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwghttps://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzumhttps://www.exploit-db.com/exploits/46635/