CVE-2005-1487

FishCart 3.1 - SQL Injection via cartid or psku Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1487. PoCs published by Dcrab.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in FishCart, with an example URL demonstrating SQL injection via the 'cartid' parameter. No actual exploit code is present.

Description

Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable

Exploits (2)

exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsphp
https://www.exploit-db.com/exploits/25604

The provided text describes SQL injection and XSS vulnerabilities in FishCart, with an example URL demonstrating SQL injection via the 'cartid' parameter. No actual exploit code is present.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: FishCart (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable FishCart application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsphp
https://www.exploit-db.com/exploits/25603

The provided text describes SQL injection and XSS vulnerabilities in FishCart due to improper input sanitization. It includes a sample URL demonstrating SQL injection via the 'psku' parameter but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: FishCart (version unspecified)
No auth needed
Prerequisites: Access to a vulnerable FishCart instance · Ability to craft malicious URLs
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16283
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111530799109755&w=2
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/457754/100/200/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15232/
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/16282
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20386
Exploit, Vendor Advisory x_refsource_misc
http://www.digitalparadox.org/advisories/fishc.txt
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13499

Scores

EPSS 0.0345
EPSS Percentile 87.5%

Details

CWE
CWE-89
Status published
Products (1)
fishnet/fishcart 3.1
Published May 11, 2005
Tracked Since Feb 18, 2026