CVE-2005-1822

Exploitation Summary

EIP tracks 8 public exploits for CVE-2005-1822. PoCs published by CENSORED Search Vulnerabilities.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example URL demonstrating the SQL injection vector. It lacks executable exploit code but provides technical details about the vulnerability.

Description

Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.

Exploits (8)

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25773

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example URL demonstrating the SQL injection vector. It lacks executable exploit code but provides technical details about the vulnerability.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the target application's search.php endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25772

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8 due to improper input sanitization. It includes a basic example of an SQL injection attack vector but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25768

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with example URLs demonstrating potential attack vectors. No actual exploit code is present.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25771

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example URL demonstrating the SQL injection vector. It lacks executable exploit code but provides technical details about the vulnerability.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25767

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with example URLs demonstrating potential attack vectors. No actual exploit code is included.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to vulnerable X-Cart instance

MITRE ATT&CK

T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25770

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example URL demonstrating the SQL injection vector. It lacks executable exploit code but provides technical details about the vulnerability.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the target application's help.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25774

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with example URLs demonstrating potential attack vectors. It lacks executable exploit code but provides technical details for manual exploitation.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart application

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by CENSORED Search Vulnerabilities · textwebappsphp

https://www.exploit-db.com/exploits/25769

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in X-Cart 4.0.8, with an example URL demonstrating the SQL injection vector. It lacks executable exploit code but provides technical details about the vulnerability.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: X-Cart 4.0.8

No auth needed

Prerequisites: Access to the vulnerable X-Cart application

MITRE ATT&CK