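I. CVE-2019-9053 Basic Information
Vulnerability title
N/A
Source: AIGC Shenlong large model
Vulnerability description
An issue was discovered in CMS Made Simple 2.2.8. Through a crafted URL, unauthenticated time-based SQL injection is possible via the m1_idlist parameter.
Source: AIGC Shenlong large model
CVSS information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Source: AIGC Shenlong large model
Vulnerability category
N/A
Source: AIGC Shenlong large model
Vulnerability title
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description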
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
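Source: U.S. National Vulnerability Database (NVD)
CVSS information
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability category
N/A
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
CMS Made Simple SQL injection vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the CMSMS team. The system supports a role-based permission management system, a wizard-based installation and update mechanism, a smart caching mechanism, and more. A SQL injection vulnerability exists in CMSMS version 2.2.8; it stems from the database-backed application lacking validation of externally supplied SQL statements. An attacker can exploit this vulnerability to execute illegal SQL commands.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
SQL injection
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for CVE-2019-9053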
# POC description Source link Shenlong link
1 This is modified code of 46635 exploit from python2 to python3. https://github.com/SUNNYSAINI01001/46635.py_CVE-2019-9053 POC details
2 None https://github.com/crypticdante/CVE-2019-9053 POC details
3 update to Daniele Scanu's SQL Injection Exploit - CVE-2019-9053 https://github.com/maraspiras/46635.py POC details
4 CVE-2019-9053 Exploit for Python 3 https://github.com/e-renna/CVE-2019-9053 POC details
5 This is an exploit for CVE-2019-9053 https://github.com/zmiddle/Simple_CMS_SQLi POC details
6 None https://github.com/ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit POC details
7 CVE-2019-9053 exploit ported to python3 https://github.com/pedrojosenavasperez/CVE-2019-9053-Python3 POC details
8 CMS Made Simple < 2.2.10 - SQL Injection https://github.com/STERN3L/CVE-2019-9053 POC details
9 The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below. https://github.com/Mahamedm/CVE-2019-9053-Exploit-Python-3 POC details
10 This is the Updated Python3 exploit for CVE-2019-9053 https://github.com/im-suman-roy/CVE-2019-9053 POC details
11 None https://github.com/bthnrml/guncel-cve-2019-9053.py POC details
12 Original Exploit Source: https://www.exploit-db.com/exploits/46635 https://github.com/kahluri/CVE-2019-9053 POC details
13 Python3 version of the Python2 exploit for CVE-2019-9053 https://github.com/Doc0x1/CVE-2019-9053-Python3 POC details
14 This repository has the sole purpose of rewriting the CVE-2019-9053 script, which in the original publication is written in Python 2.7. I will be using Python 3. https://github.com/fernandobortotti/CVE-2019-9053 POC details
15 Improved code of Daniele Scanu SQL Injection exploit https://github.com/byrek/CVE-2019-9053 POC details
16 working exploit for CVE-2019-9053 https://github.com/davcwikla/CVE-2019-9053-exploit POC details
17 None https://github.com/BjarneVerschorre/CVE-2019-9053 POC details
18 None https://github.com/H3xL00m/CVE-2019-9053 POC details
19 None https://github.com/n3ov4n1sh/CVE-2019-9053 POC details
20 None https://github.com/c0d3cr4f73r/CVE-2019-9053 POC details
21 None https://github.com/Jason-Siu/CVE-2019-9053-Exploit-in-Python-3 POC details
22 CVE-2019-9054 exploit added support for python3 + bug fixes https://github.com/FedericoTorres233/CVE-2019-9053-Fixed POC details
23 This script is a modified version of the original exploit by Daniele Scanu which exploits an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.10 (CVE-2019-9053). https://github.com/Dh4nuJ4/SimpleCTF-UpdatedExploit POC details
24 The script has been remastered by Teymur Novruzov to ensure compatibility with Python 3. This tool is intended for educational purposes only. Unauthorized use of this tool on any system or network without permission is illegal. The author is not responsible for any misuse of this tool. https://github.com/TeymurNovruzov/CVE-2019-9053-python3-remastered POC details
25 None https://github.com/Sp3c73rSh4d0w/CVE-2019-9053 POC details
26 None https://github.com/0xwh1pl4sh/CVE-2019-9053 POC details
27 None https://github.com/N3rdyN3xus/CVE-2019-9053 POC details
28 None https://github.com/jtoalu/CTF-CVE-2019-9053-GTFOBins POC details
29 None https://github.com/Azrenom/CMS-Made-Simple-2.2.9-CVE-2019-9053 POC details
30 None https://github.com/NyxByt3/CVE-2019-9053 POC details
31 None https://github.com/h3xcr4ck3r/CVE-2019-9053 POC details
32 CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10 https://github.com/louisthedonothing/CVE-2019-9053 POC details
33 None https://github.com/n3rdh4x0r/CVE-2019-9053 POC details
34 CMS Made Simple < 2.2.10 - SQL Injection python3 https://github.com/Yzhacker/CVE-2019-9053-CMS46635-python3 POC details
35 This exploit targets an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.9 (CVE-2019-9053). It uses a time-based blind SQL injection to extract the username, email, and password hash from the database. Additionally, it supports password cracking using a wordlist. https://github.com/hf3cyber/CMS-Made-Simple-2.2.9-Unauthenticated-SQL-Injection-Exploit-CVE-2019-9053- POC details
36 Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi. https://github.com/so1icitx/CVE-2019-9053 POC details
37 None https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/CMS%20Made%20Simple%20%28CMSMS%29%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2019-9053.md POC details
38 https://github.com/vulhub/vulhub/blob/master/cmsms/CVE-2019-9053/README.md POC details
39 CVE-2019-9053. https://github.com/del0x3/CVE-2019-9053-port-py3 POC details
40 CMS Made Simple ≤ 2.2.9 SQL Injection Vulnerability CVE-2019-9053 is a vulnerability found in CMS Made Simple (CMSMS) versions up to 2.2.9, where the application is vulnerable to a blind time-based SQL injection https://github.com/kaizoku73/CVE-2019-9053 POC details
41 Exploits Python cve-2019-9053– by HackHeart https://github.com/Hackheart-tech/-exploit-lab POC details
III. Intelligence Information for CVE-2019-9053