CVE-2002-0554

IBM Informix Web DataBlade 4.12 - SQL Injection via HTTP Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0554. PoCs published by Simon Lodal.

AI-analyzed exploit summary This exploit demonstrates SQL injection in Informix Web Datablade by injecting a UNION-based query to read arbitrary files (e.g., /etc/passwd) via the FileToClob function. The attack leverages improper input sanitization in dynamically generated HTML content.

Description

webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers to bypass user access levels or read arbitrary files via a SQL injection attack in an HTTP request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Simon Lodal · textwebappscgi
https://www.exploit-db.com/exploits/21374

This exploit demonstrates SQL injection in Informix Web Datablade by injecting a UNION-based query to read arbitrary files (e.g., /etc/passwd) via the FileToClob function. The attack leverages improper input sanitization in dynamically generated HTML content.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Informix Web Datablade Module (versions affected by CVE-2002-0554)
No auth needed
Prerequisites: Web Datablade Module accessible via HTTP · Knowledge of table/column names for UNION-based attacks
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4496
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-04/0135.html
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8826.php

Scores

EPSS 0.0673
EPSS Percentile 93.2%

Details

Status published
Products (3)
ibm/informix_web_datablade 4.10
ibm/informix_web_datablade 4.11
ibm/informix_web_datablade 4.12
Published Jul 03, 2002
Tracked Since Feb 18, 2026