CVE-2019-9053
Published 2019-03-26
Priority P271 | high | 8.1 (CVSS 3.0)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 55.96% (98.9th percentile)
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cmsmadesimple | cms_made_simple | — | — |
Detection & IOCs (extracted from sources)
url&m1_idlist=a,b,1,5))+and+(select+sleep(<TIME>)+from+cms_users+where+password+like+0x<HEX>25+and+user_id+like+0x31)+--+
url&m1_idlist=a,b,1,5))+and+(select+sleep(<TIME>)+from+cms_users+where+username+like+0x<HEX>25+and+user_id+like+0x31)+--+
url&m1_idlist=a,b,1,5))+and+(select+sleep(<TIME>)+from+cms_users+where+email+like+0x<HEX>25+and+user_id+like+0x31)+--+
- Detect blind time-based SQLi via the m1_idlist GET parameter containing SQL sleep() injection patterns targeting the CMS Made Simple News module. Look for URL-encoded payloads with patterns like 'select+sleep(' or 'select sleep(' in the m1_idlist parameter value.
- The SQLi payload structure uses a specific pattern: 'a,b,1,5))+and+(select+sleep(N)+from+cms_users+where+<field>+like+0x<hex>25+and+user_id+like+0x31)+--+' injected into m1_idlist. Alert on requests where m1_idlist contains the substrings 'cms_users' or 'sleep('.
- The exploit enumerates salt, username, email, and password from the cms_users table character by character using time delays. Anomalous response latency spikes on repeated requests to the News module URL with varying m1_idlist values are a strong behavioral indicator.
- The attack is unauthenticated; no session cookie or login is required. Monitor for high-frequency GET requests from a single source IP to the CMS Made Simple News module endpoint that carry the m1_idlist parameter.
- The TIME threshold used for sleep-based detection is configurable in the exploit script; defenders should tune anomaly detection baselines accordingly, as a low TIME value may be harder to distinguish from legitimate slow queries.
- The exploit targets CMS Made Simple version 2.2.8 specifically via the News module; other versions may or may not be affected and should be tested independently.
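The substring alerts and the per-source frequency check from the notes above, run over access-log lines, as an added example (not code from the advisory or its sources). The log lines, the `/news-endpoint` path and the burst threshold of 3 are constructed assumptions; the payload shape is the one quoted on this page.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Substrings the notes say to alert on inside m1_idlist (matched after URL-decoding).
SQLI_MARKERS = ("sleep(", "cms_users")
# Assumed threshold: m1_idlist requests from one source IP before it counts as a burst.
BURST_THRESHOLD = 3
# Common/combined access-log prefix: client IP ... [time] "METHOD target PROTOCOL"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

# Constructed sample lines; /news-endpoint is a placeholder path, not a real CMSMS route.
_LINE = '{ip} - - [01/Jan/2024:10:00:0{n} +0000] "GET /news-endpoint?p=1{qs} HTTP/1.1" 200 512'
_TAIL = "+like+0x6125+and+user_id+like+0x31)+--+"
SAMPLE_LOG = [
    _LINE.format(ip="203.0.113.7", n=0, qs="&m1_idlist=3,7"),
    _LINE.format(ip="198.51.100.9", n=1, qs="&m1_idlist=a,b,1,5))+and+(select+sleep(1)"
                 "+from+cms_users+where+username" + _TAIL),
    _LINE.format(ip="198.51.100.9", n=2, qs="&m1_idlist=1%29%29%20and%20%28select%20"
                 "SLEEP%20%282%29%20from%20cms_users%29"),
    _LINE.format(ip="198.51.100.9", n=3, qs="&m1_idlist=a,b,1,5))+and+(select+sleep(1)"
                 "+from+cms_users+where+password" + _TAIL),
    _LINE.format(ip="203.0.113.7", n=4, qs=""),
]

def m1_idlist_values(target):
    """Return m1_idlist values from a request target, with '+' and %xx decoded."""
    return parse_qs(urlsplit(target).query, keep_blank_values=True).get("m1_idlist", [])

def classify(value):
    """Return the markers found in a decoded value, ignoring case and whitespace."""
    squashed = re.sub(r"\s+", "", value.lower())  # so 'SLEEP (' still matches 'sleep('
    return [m for m in SQLI_MARKERS if m in squashed]

def scan(lines):
    """Return (alerts, noisy_ips): marker hits per request and IPs at or over the threshold."""
    alerts, per_ip = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for value in m1_idlist_values(m["target"]):
            per_ip[m["ip"]] += 1
            hits = classify(value)
            if hits:
                alerts.append((m["ip"], hits))
    return alerts, sorted(ip for ip, n in per_ip.items() if n >= BURST_THRESHOLD)
```

Matching happens after decoding, so the percent-encoded, upper-case variant in the sample is caught by the same two markers as the plain one.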
CVSS provenance
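| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.1 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |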
No detection rules found.
arXiv
Ancora: Accurate Intrusion Recovery for Web Applications
arxiv_fulltext·2026-01-02
Authors: Yihao Peng (Graduate Student Member, IEEE; ORCID 0000-0002-9190-531X), Biao Ma (ORCID 0009-0001-9372-1020), Hai Wan (ORCID 0000-0002-9608-5808), Xibin Zhao (Senior Member, IEEE; ORCID 0000-0002-6168-7016). Yihao Peng and Biao Ma contributed equally to this work.
Yihao Peng, Biao Ma, Hai Wan, and Xibin Zhao are with the Beijing National Research Center for Information Science and Technology (BNRist), Key Laboratory for Information System Security, Ministry of Education (KLISS), School of Software, Tsinghua University, Beijing 100084, China.
IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, Vol. , 2025
## Abs
CTF
easy / README
ctf_writeups·CVSS 6.0
[MEDIUM] easy / README
---
layout: default
title: Easy Machines
parent: Machines
nav_order: 1
description: "120+ Easy HTB machine writeups with walkthroughs"
permalink: /machines/easy/
---
# HackTheBox Easy Machines - Comprehensive Reference
> Complete catalog of retired HTB Easy machines with OS, key vulnerability, attack path summary, and quality writeup links.
**Total: 100+ Easy Machines** | Updated: April 2026
---
## Classic / Legac
- http://packetstormsecurity.com/files/152356/CMS-Made-Simple-SQL-Injection.html
- https://github.com/Perseus99999/CVE-2019-9053-working-/blob/main/exploit.py
- https://newsletter.cmsmadesimple.org/w/89247Qog4jCRCuRinvhsofwg
- https://www.cmsmadesimple.org/2019/03/Announcing-CMS-Made-Simple-v2.2.10-Spuzzum
- https://www.exploit-db.com/exploits/46635/
Published: 2019-03-26