PHPJabbers Simple CMS 5.0 SQL Injection via Column Parameter

Advisories

severity: high
date: December 17, 2025
Affecting: Simple CMS 5.0
CVE: CVE-2023-53926
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVSS: 8.7
CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N
References: ExploitDB-51416
Official Product Homepage
Credit: Ahmet Ümit BAYRAM
Description: PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information.