VYPR
Unrated severity · NVD Advisory · Published Nov 2, 2011 · Updated Apr 29, 2026

CVE-2010-5029

Description

SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the show parameter in a web action.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in Ecomat CMS 5.0 index.php allows remote attackers to execute arbitrary SQL commands via the show parameter.

Vulnerability

A SQL injection vulnerability exists in index.php of Ecomat CMS 5.0 (and probably prior versions) [2]. The show parameter in a web action is not properly sanitized before being used in SQL queries [1], which allows attackers to inject arbitrary SQL commands.

Exploitation

An attacker can exploit this vulnerability remotely via a web browser without authentication [2]. The following proof-of-concept URL is available: http://host/index.php?type=web&lang=de&show=-1+union+select+user%28%29+--+&mhs=0 [2].

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands, potentially leading to access, modification, or disclosure of sensitive data in the application's database [1][2]. The attacker may also exploit vulnerabilities in the underlying SQL database server [2].

Mitigation

No official fix has been released by the vendor (Codefabrik GmbH) as of the publication date [2]. The vulnerability was reported on 18 May 2010, and the vendor was alerted but did not respond [2]. Users should consider removing or replacing Ecomat CMS 5.0 if it is used in production.
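
With no vendor fix available, one compensating check is to review web-server access logs for index.php requests whose show value is not a plain integer. The following is an added example, not code from the advisory or the vendor; it assumes combined-format access logs and that legitimate show values are non-negative integers, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Common/combined log format: client, two fields, [timestamp], "METHOD target PROTO"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Assumption (not stated in the advisory): legitimate `show` values are plain
# non-negative integers, so anything else is worth a manual review.
EXPECTED_SHOW = re.compile(r"\d+")


def suspicious_show_requests(log_lines):
    """Return (client_ip, decoded show value) for index.php requests whose
    `show` parameter is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/index.php"):
            continue
        # parse_qs percent-decodes and maps '+' to space, so encoded input is
        # checked in its decoded form. Blank values are kept and flagged too.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("show", []):
            value = value.strip()
            if not EXPECTED_SHOW.fullmatch(value):
                hits.append((client, value))
    return hits


# Constructed sample log lines (documentation IP ranges). The second request
# carries the query string of the proof-of-concept URL quoted in the advisory.
SAMPLE_LOG = [
    '198.51.100.7 - - [18/May/2010:10:00:01 +0000] "GET /index.php?type=web&lang=de&show=12&mhs=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [18/May/2010:10:00:05 +0000] "GET /index.php?type=web&lang=de&show=-1+union+select+user%28%29+--+&mhs=0 HTTP/1.1" 200 734',
    '198.51.100.7 - - [18/May/2010:10:00:09 +0000] "GET /style.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, value in suspicious_show_requests(SAMPLE_LOG):
        print(f"{client}\tshow={value!r}")
```

The same allow-list test (integer-only show) can be enforced at a reverse proxy in front of the application, subject to the same assumption about legitimate values.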

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:codefabrik:ecomat_cms:5.0:*:*:*:*:*:*:*
  • (no CPE) range: = 5.0

Patches

0

No patches discovered yet.

References

6
