Exploit for #VU21604 SQL injection in CMS Made Simple

Cybersecurity Help s.r.o.

Published: 2021-02-19 | Updated: 2025-03-31

Vulnerability identifier: #VU21604

Vulnerability risk: High

CVSSv4.0: 8.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2019-9053

CWE-ID: CWE-89

Exploitation vector: Network

Exploits in database: 15

March 31, 2025
- CVE-2019-9053 (Unauthenticated SQL injection exploit for CVE-2019-9053 in CMS Made Simple <= 2.2.9. Extracts admin creds with time-based SQLi.) [Github]
March 7, 2025
- CMS-Made-Simple-2.2.9-Unauthenticated-SQL-Injection-Exploit-CVE-2019-9053- (This exploit targets an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.9 (CVE-2019-9053). It uses a time-based blind SQL injection to extract the username, [Github]
June 21, 2024
- SimpleCTF-UpdatedExploit (This script is a modified version of the original exploit by Daniele Scanu which exploits an unauthenticated SQL injection vulnerability in CMS Made Simple <= 2.2.10 (CVE-2019-9053).) [Github]
February 23, 2024
- CVE-2019-9053-Exploit-in-Python-3 () [Github]
September 13, 2023
- CVE-2019-9053-Exploit-Python-3 (The exploit is edited to work with different text encodings and Python 3 and is compatible with CMSMS version 2.2.9 and below.) [Github]
August 7, 2023
- CVE-2019-9053 (Original Exploit Source: https://www.exploit-db.com/exploits/46635) [Github]
July 4, 2023
- CVE-2019-9053 (This is the Updated Python3 exploit for CVE-2019-9053) [Github]
December 15, 2022
- CVE-2019-9053-Python3 (CVE-2019-9053 exploit ported to python3) [Github]
October 26, 2022
- CVE-2019-9053-CMS-Made-Simple-2.2.10---SQL-Injection-Exploit () [Github]
October 25, 2022
- CVE-2019-9053 (CVE-2019-9053 Exploit for Python 3) [Github]
October 8, 2022
- Simple_CMS_SQLi (This is a exploit for CVE-2019-9053) [Github]
May 24, 2022
- CVE-2019-9053 (CVE-2019-9053 Exploit for Python 3) [Github]
June 17, 2021
- CMS Made Simple < 2.2.10 - SQL Injection [Exploit-DB]
May 16, 2021
- 46635.py_CVE-2019-9053 (This is modified code of 46635 exploit from python2 to python3.) [Github]
February 19, 2021
- CMS Made Simple Serverside Template Injection Remote Code Execution Vulnerability [Source Incite]

Vulnerable software:
CMS Made Simple
Web applications / CMS

Vendor: cmsmadesimple.org