CVE-2005-4243

QuickPayPro 3.1 - SQL Injection via Multiple Parameters

Exploitation Summary

EIP tracks 6 public exploits for CVE-2005-4243. PoCs published by r0t.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in QuickPayPro's tracking.details.php due to improper input sanitization. It includes a basic example URL demonstrating the vulnerability but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.

Exploits (6)

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26831

The provided text describes a SQL injection vulnerability in QuickPayPro's tracking.details.php due to improper input sanitization. It includes a basic example URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: QuickPayPro (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26829

The provided text describes a SQL injection vulnerability in QuickPayPro, specifically in the 'subscribers.tracking.edit.php' endpoint via the 'subtrackingid' parameter. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: QuickPayPro (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26832

The provided text describes a SQL injection vulnerability in QuickPayPro due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: QuickPayPro (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable application endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26827

The provided text describes a SQL injection vulnerability in QuickPayPro's popups.edit.php due to improper input sanitization. It outlines potential impacts but lacks actual exploit code or technical details.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: QuickPayPro (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26830

The provided text describes a SQL injection vulnerability in QuickPayPro due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: QuickPayPro (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26828

The provided text describes SQL injection vulnerabilities in QuickPayPro due to improper input sanitization. It includes example URLs demonstrating the vulnerable parameters but does not contain executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: QuickPayPro (version not specified)
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2875
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21676
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21681
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17981
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21679
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15863
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21677
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21680
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21678

Scores

EPSS 0.0465
EPSS Percentile 90.5%

Details

Status published
Products (1)
quickpaypro/quickpaypro 3.1
Published Dec 15, 2005
Tracked Since Feb 18, 2026