CVE-2003-1520
Fuzzymonkey My Classifieds 2.11 - SQL Injection via Email Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2003-1520. PoCs published by Ezhilan.
AI-analyzed exploit summary The writeup describes a SQL injection vulnerability in FuzzyMonkey MyClassifieds 2.11, where an attacker can inject malicious SQL code into the Email variable to disclose user passwords by writing them to a world-readable file.
Description
SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows remote attackers to execute arbitrary SQL commands via the email parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ezhilan · textwebappsphp
https://www.exploit-db.com/exploits/23269
The writeup describes a SQL injection vulnerability in FuzzyMonkey MyClassifieds 2.11, where an attacker can inject malicious SQL code into the Email variable to disclose user passwords by writing them to a world-readable file.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
FuzzyMonkey MyClassifieds 2.11
No auth needed
Prerequisites:
Access to the vulnerable application · Knowledge of the directory path for writing the output file
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Exploit, Patch mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/341908
Exploit, Patch third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/3293
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8863
Various Sources x_refsource_confirm
http://www.fuzzymonkey.org/newfuzzy/software/data/03My_Classifieds_MySQL//README.html#changes
Scores
EPSS
0.0111
EPSS Percentile
61.8%
Details
CWE
CWE-89
Status
published
Products (1)
fuzzymonkey/myclassifieds
2.11
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026