Home

Description

PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information.

PUBLISHED Reserved 2025-12-16 | Published 2025-12-17 | Updated 2025-12-18 | Assigner VulnCheck




HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

5.0
affected

Credits

Ahmet Ümit BAYRAM finder

References

www.exploit-db.com/exploits/51416 (ExploitDB-51416) exploit

www.phpjabbers.com/faq.php (Official Product Homepage) product

www.vulncheck.com/...-cms-sql-injection-via-column-parameter (VulnCheck Advisory: PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter) third-party-advisory

cve.org (CVE-2023-53926)

nvd.nist.gov (CVE-2023-53926)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.