CVE-2005-4331

iHTML Merchant Version 2 Pro - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4331. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in iHTML Merchant, detailing vulnerable parameters and example exploit URLs. It lacks executable code but provides clear technical details for exploitation.

Description

SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by r0t3d3Vil · textwebappsphp
https://www.exploit-db.com/exploits/26856

The provided text describes an SQL injection vulnerability in iHTML Merchant, detailing vulnerable parameters and example exploit URLs. It lacks executable code but provides clear technical details for exploitation.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: iHTML Merchant (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15911
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21808
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18089
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2967

Scores

EPSS 0.0116
EPSS Percentile 63.1%

Details

Status published
Products (1)
ihtml_merchant/ihtml_merchant 2_pro
Published Dec 17, 2005
Tracked Since Feb 18, 2026