Primary

Context

Victor CMS SQL Injection Vulnerability in post Parameter

Vulnerability

A SQL injection vulnerability has been identified in Victor CMS version 1.0. The issue resides in the 'post' parameter of post.php, allowing remote attackers to manipulate database queries. Exploitation involves sending crafted UNION SELECT payloads to extract database information using boolean-based, error-based, and time-based injection techniques.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to post.php with a crafted 'post' parameter that includes SQL injection payloads. The injection can be verified using boolean-based blind, error-based, or time-based blind techniques, depending on the payload used.

Added: Feb 3, 2026, 10:46 PM

Updated: Feb 3, 2026, 10:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

9.7

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

9.7

remediation

0.0

relevance

2.5

threat

6.4

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Victor CMS SQL Injection Vulnerability in post Parameter

Vulnerability

Impact

Reproduction

Affected Products

Victor CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating