CVE-2010-4780

high

Published 2011-04-07 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

8.5

Description

SQL injection vulnerability in the check_banlist function in includes/sessions.php in Enano CMS 1.1.7pl1; 1.0.6pl2; and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2 allows remote attackers to execute arbitrary SQL commands via the email parameter to index.php. NOTE: some of these details are obtained from third party information.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-15645 webapps php verified text · 2 KB

High-Tech Bridge SA · 2010-11-30

enano CMS 1.1.7pl1 - Multiple Vulnerabilities

text exploit Source: Exploit-DB

Vulnerability ID: HTB22709
Reference: http://www.htbridge.ch/advisory/sql_injection_in_enano_cms.html
Product: Enano CMS
Vendor: enanocms.org ( http://enanocms.org/ ) 
Vulnerable Version: 1.1.7pl1
Vendor Notification: 16 November 2010 
Vulnerability Type: SQL Injection
Status: Fixed by Vendor
Risk level: High 
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) 

SQL Injection:
Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in email variable.
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

The following PoC is available:

Step1.
Register new user with email: "any@email.com'SQL_CODE"

Step2.
Log in with new login and password.
Solution: Upgrade to the most recent version

Path Disclosure:
Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in "title" variable, it's possible to generate an error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory and other potentially sensitive information.

The following PoC is available:


http://[host]/index.php?title=Special:Captcha/1
http://[host]/index.php?title[]=1

Solution: Upgrade to the most recent version

Application impact

Vendor	Product	Versions
enanocms	enano_cms	`{"endIncluding":"1.1.7"}`
enanocms	enano_cms	`0.8.1`
enanocms	enano_cms	`0.8.2`
enanocms	enano_cms	`0.8.3`
enanocms	enano_cms	`0.8.4`
enanocms	enano_cms	`0.9.1`
enanocms	enano_cms	`0.9.2`
enanocms	enano_cms	`0.9.3`
enanocms	enano_cms	`1.0`
enanocms	enano_cms	`1.0.1`
enanocms	enano_cms	`1.0.2`
enanocms	enano_cms	`1.0.2b1`
enanocms	enano_cms	`1.0.3`
enanocms	enano_cms	`1.0.4`
enanocms	enano_cms	`1.0.5`
enanocms	enano_cms	`1.0.6`
enanocms	enano_cms	`1.1.1`
enanocms	enano_cms	`1.1.2`
enanocms	enano_cms	`1.1.3`
enanocms	enano_cms	`1.1.4`
enanocms	enano_cms	`1.1.5`
enanocms	enano_cms	`1.1.6`
enanocms	enano_cms	`1.1.7`

References

CWEs

CWE-89

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.