CVE-2005-1412

Ecomm Professional Guestbook <3.x - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1412. PoCs published by c0d3r.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in EcommProV3, specifically in the login page where user input is not properly sanitized. It includes example URLs demonstrating the vulnerability but does not contain executable exploit code.

Description

SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by c0d3r · textwebappsasp

https://www.exploit-db.com/exploits/25466

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in EcommProV3, specifically in the login page where user input is not properly sanitized. It includes example URLs demonstrating the vulnerability but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: EcommProV3

No auth needed

Prerequisites: Access to the vulnerable login page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory vdb-entry x_refsource_osvdb

http://www.osvdb.org/15967

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/15190

Scores

EPSS 0.0103

EPSS Percentile 59.1%

Details

Status published

Products (1)

ecomm/professional_guestbook 3

Published May 03, 2005

Tracked Since Feb 18, 2026