SQL Injection Vulnerabilities in Php-X-Links by N/A
CVE-2012-5098

Currently unrated

Key Information:

Vendor

J Waite

Status
PHP-x-links
Vendor
CVE Published:
23 September 2012

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2012-5098?

Multiple SQL injection vulnerabilities exist in Php-X-Links, which may permit remote attackers to execute arbitrary SQL statements. The vulnerabilities can be exploited via the 'id' parameter in the rate.php script, the 'cid' parameter in view.php, and the 't' parameter in pop.php. These weaknesses highlight the need for proper input validation and sanitation to avoid potential data breaches or unauthorized access.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2012-5098 - Proof of Concept

References

http://www.securityfocus.com/bid/51223
vdb-entryx_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/72066
vdb-entryx_refsource_XF
http://www.exploit-db.com/exploits/18298
exploitx_refsource_EXPLOIT-DB

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.