CVE-2007-1077

Design4Online UserPages2 2.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1077. PoCs published by xoron.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Userpages2 2.0 by injecting malicious SQL queries into the 'art_id' parameter. The provided URLs show how to extract sensitive data like usernames and passwords from the 'Users' table.

Description

SQL injection vulnerability in page.asp in Design4Online UserPages2 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by xoron · textwebappsasp

https://www.exploit-db.com/exploits/29622

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Userpages2 2.0 by injecting malicious SQL queries into the 'art_id' parameter. The provided URLs show how to extract sensitive data like usernames and passwords from the 'Users' table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Userpages2 2.0

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/36843

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22636

Scores

EPSS 0.0093

EPSS Percentile 55.8%

Details

Status published

Products (1)

design4online/userpages2 2.0

Published Feb 22, 2007

Tracked Since Feb 18, 2026