I. Basic Information for CVE-2019-9053
Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
An issue was discovered in CMS Made Simple 2.2.8. It is possible with the News module, through a crafted URL, to achieve unauthenticated blind time-based SQL injection via the m1_idlist parameter.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
CMS Made Simple SQL Injection Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
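CMS Made Simple (CMSMS) is an open-source content management system (CMS) from the CMSMS team. The system supports a role-based permission management system, a wizard-based installation and update mechanism, an intelligent caching mechanism, and more. CMSMS version 2.2.8 contains an SQL injection vulnerability, which stems from the database-backed application's lack of validation of externally supplied SQL statements. An attacker can exploit this vulnerability to execute unauthorized SQL commands.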
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
| --- | --- | --- | --- |
| - | n/a | n/a | - |
II. Public POCs for CVE-2019-9053
| # | POC Description | Source Link |
| --- | --- | --- |
| 1 | This is modified code of 46635 exploit from python2 to python3. | https://github.com/SUNNYSAINI01001/46635.py_CVE-2019-9053 |
| 2 | None | https://github.com/crypticdante/CVE-2019-9053 |
| 3 | update to Daniele Scanu's SQL Injection Exploit - CVE-2019-9053 | https://github.com/maraspiras/46635.py |
| 4 | CVE-2019-9053 Exploit for Python 3 | https://github.com/e-renna/CVE-2019-9053 |
| 5 | This is a exploit for CVE-2019-9053 | https://github.com/zmiddle/Simple_CMS_SQLi |
| 6 | None | https://github.com/ELIZEUOPAIN/CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit |
| 7 | CVE-2019-9053 exploit ported to python3 | https://github.com/pedrojosenavasperez/CVE-2019-9053-Python3 |
| 8 | CMS Made Simple < 2.2.10 - SQL Injection | https://github.com/STERN3L/CVE-2019-9053 |
| 9 | The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below. | https://github.com/Mahamedm/CVE-2019-9053-Exploit-Python-3 |
| 10 | This is the Updated Python3 exploit for CVE-2019-9053 | https://github.com/im-suman-roy/CVE-2019-9053 |
| 11 | None | https://github.com/bthnrml/guncel-cve-2019-9053.py |
| 12 | Original Exploit Source: https://www.exploit-db.com/exploits/46635 | https://github.com/kahluri/CVE-2019-9053 |
| 13 | Python3 version of the Python2 exploit for CVE-2019-9053 | https://github.com/Doc0x1/CVE-2019-9053-Python3 |
| 14 | This repository has the sole purpose of rewriting the CVE-2019-9053 script, which in the original publication is written in Python 2.7. I will be using Python 3. | https://github.com/fernandobortotti/CVE-2019-9053 |
| 15 | Improved code of Daniele Scanu SQL Injection exploit | https://github.com/byrek/CVE-2019-9053 |
| 16 | working exploit for CVE-2019-9053 | https://github.com/davcwikla/CVE-2019-9053-exploit |
| 17 | None | https://github.com/BjarneVerschorre/CVE-2019-9053 |
| 18 | None | https://github.com/H3xL00m/CVE-2019-9053 |
| 19 | None | https://github.com/n3ov4n1sh/CVE-2019-9053 |
| 20 | None | https://github.com/c0d3cr4f73r/CVE-2019-9053 |
| 21 | None | https://github.com/Jason-Siu/CVE-2019-9053-Exploit-in-Python-3 |
| 22 | CVE-2019-9054 exploit added support for python3 + bug fixes | https://github.com/FedericoTorres233/CVE-2019-9053-Fixed |
| 23 | This script is a modified version of the original exploit by Daniele Scanu which exploits an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.10 (CVE-2019-9053). | https://github.com/Dh4nuJ4/SimpleCTF-UpdatedExploit |
| 24 | The script has been remastered by Teymur Novruzov to ensure compatibility with Python 3. This tool is intended for educational purposes only. Unauthorized use of this tool on any system or network without permission is illegal. The author is not responsible for any misuse of this tool. | https://github.com/TeymurNovruzov/CVE-2019-9053-python3-remastered |
| 25 | None | https://github.com/Sp3c73rSh4d0w/CVE-2019-9053 |
| 26 | None | https://github.com/0xwh1pl4sh/CVE-2019-9053 |
| 27 | None | https://github.com/N3rdyN3xus/CVE-2019-9053 |
| 28 | None | https://github.com/jtoalu/CTF-CVE-2019-9053-GTFOBins |
| 29 | None | https://github.com/Azrenom/CMS-Made-Simple-2.2.9-CVE-2019-9053 |
| 30 | None | https://github.com/NyxByt3/CVE-2019-9053 |
| 31 | None | https://github.com/h3xcr4ck3r/CVE-2019-9053 |
| 32 | CVE-2019-9053 rewritten in python3 to fix broken syntax. Affects CMS made simple <2.2.10 | https://github.com/louisthedonothing/CVE-2019-9053 |
| 33 | None | https://github.com/n3rdh4x0r/CVE-2019-9053 |
| 34 | CMS Made Simple < 2.2.10 - SQL Injection python3 | https://github.com/Yzhacker/CVE-2019-9053-CMS46635-python3 |
| 35 | This exploit targets an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.9 (CVE-2019-9053). It uses a time-based blind SQL injection to extract the username, email, and password hash from the database. Additionally, it supports password cracking using a wordlist. | https://github.com/hf3cyber/CMS-Made-Simple-2.2.9-Unauthenticated-SQL-Injection-Exploit-CVE-2019-9053- |
| 36 | Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi. | https://github.com/so1icitx/CVE-2019-9053 |
| 37 | None | https://github.com/Threekiii/Awesome-POC/blob/master/CMS%E6%BC%8F%E6%B4%9E/CMS%20Made%20Simple%20%28CMSMS%29%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E%20CVE-2019-9053.md |
| 38 | | https://github.com/vulhub/vulhub/blob/master/cmsms/CVE-2019-9053/README.md |
| 39 | CVE-2019-9053. | https://github.com/del0x3/CVE-2019-9053-port-py3 |
| 40 | CMS Made Simple ≤ 2.2.9 SQL Injection Vulnerability CVE-2019-9053 is a vulnerability found in CMS Made Simple (CMSMS) versions up to 2.2.9, where the application is vulnerable to a blind time-based SQL injection | https://github.com/kaizoku73/CVE-2019-9053 |
| 41 | Exploits Python cve-2019-9053– by HackHeart | https://github.com/Hackheart-tech/-exploit-lab |
| 42 | This is modified code of 46635 exploit from python2 to python3. | https://github.com/d3athcod3/46635.py_CVE-2019-9053 |
| 43 | None | https://github.com/h3x0v3rl0rd/CVE-2019-9053 |
| 44 | CVE-2019-9054 exploit added support for python3 + bug fixes | https://github.com/0xftorres/CVE-2019-9053-Fixed |
| 45 | None | https://github.com/Kalidas-7/CVE-2019-9053 |
| 46 | None | https://github.com/noob-hacker572/CMS-Made-Simple-2.2.9-CVE-2019-9053 |
| 47 | This repository contains the corrected code for CVE: 2019-9053 | https://github.com/Slayerma/-CVE-2019-9053 |
| 48 | None | https://github.com/CaelumIsMe/CVE-2019-9053-POC |
| 49 | None | https://github.com/6iroc/CVE-2019-9053 |
| 50 | Python3-converted exploit and research notes for CMS Made Simple (CVE-2019-9053) — Unauthenticated SQL Injection vulnerability. Includes original PoC, improved Python3 version, usage instructions, and lab testing reference. | https://github.com/JagdeepSinghCeh/cms-made-simple-python3 |
| 51 | CMS Made Simple < 2.2.10 - SQL Injection . Actual working version | https://github.com/Perseus99999/CVE-2019-9053-working- |
| 52 | This repository is a complete walkthrough of the Simple CTF challenge on TryHackMe, featuring Nmap scanning, directory enumeration with Gobuster, exploitation of CVE-2019-9053, SSH access, and privilege escalation via sudo permissions. | https://github.com/Praditha29/Simple-CTF-THM-Writeup |
| 53 | None | https://github.com/Boon-Rekcah/CMS-Made-Simple-2.2.9-CVE-2019-9053 |
| 54 | Python3 exploit for CVE-2019-9053 (CMS Made Simple <= 2.2.9 SQLi). No deps, time-based blind SQLi → admin creds dump. HTB Writeup owned. | https://github.com/tim-karov/cmsms-sqli |
| 55 | This is a modified version of the time-based SQL injection exploit for CMS Made Simple <= 2.2.9. The exploit was originally created by Daniele Scanu and has been updated for better compatibility and modern Python practices. | https://github.com/pasan2002/CVE-2019-9053---CMS-Made-Simple-SQL-Injection-Exploit-Modified- |