CVE-2009-1613
published 2009-05-11CVE-2009-1613: Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL…
PriorityP338medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
0.96%
57.0th percentile
Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gowondesigns | leap | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
exploitdb·2009-04-30
CVE-2009-1615 Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
Leap CMS 0.1.4 - SQL Injection / Cross-Site Scripting / Arbitrary File Upload
---
** **
** **
** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **
** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **
** [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **
** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\
**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--
** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/
[> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> WEB: http://leap.gowondesigns.com/ |
|-->DOWNLOAD: http://leap.gowondesigns.com/download.php?leap014.zip |
|-->DEMO: http://php.opensourcecms.com/scripts/details.php?scriptid=161&name=Leap |
|-->CATEGORY
Exploit-DB
Leap CMS 0.1.4 - 'searchterm' Blind SQL Injection
exploitdb·2009-04-30
CVE-2009-1613 Leap CMS 0.1.4 - 'searchterm' Blind SQL Injection
Leap CMS 0.1.4 - 'searchterm' Blind SQL Injection
---
#!/usr/bin/perl
#***********************************************************************************************
#***********************************************************************************************
#** **
#** **
#** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **
#** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **
# [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **
#** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\
#**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--
#** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/
# [> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> WEB: http://l
No writeups or analysis indexed.
2009-05-11
Published