CVE-2005-4035

Web4Future eCommerce Enterprise Edition <2.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-4035. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in eCommerce Enterprise Edition and Home Edition. It includes a generic example URL demonstrating the vulnerability but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the prod and (2) brid parameters to (a) view.php; (3) the bid parameter to (b) viewbrands.php; and (4) the grp and (5) cat parameters to (c) index.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by r0t3d3Vil · text · webapps · php
https://www.exploit-db.com/exploits/26719

The provided text describes a SQL injection vulnerability in eCommerce Enterprise Edition and Home Edition. It includes a generic example URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: eCommerce Enterprise Edition 2.1 and prior, eCommerce Home Edition
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t3d3Vil · text · webapps · php
https://www.exploit-db.com/exploits/26717

The provided text describes SQL injection vulnerabilities in eCommerce Enterprise Edition and Home Edition. It includes a generic example URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: eCommerce Enterprise Edition 2.1 and prior, eCommerce Home Edition
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t3d3Vil · text · webapps · php
https://www.exploit-db.com/exploits/26718

The provided text describes SQL injection vulnerabilities in eCommerce Enterprise Edition and Home Edition, with example URLs demonstrating vulnerable parameters. No actual exploit code is present.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: eCommerce Enterprise Edition 2.1 and prior, eCommerce Home Edition
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15707
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21468
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17881
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2744
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21467
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21466

Scores

EPSS 0.0133
EPSS Percentile 67.4%

Details

Status published
Published Dec 06, 2005
Tracked Since Feb 18, 2026