CVE-2007-1810

Kshop < 1.17 - SQL Injection via product_details.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1810. PoCs published by ajann.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in XOOPS Module Kshop <= 1.17 by injecting a malicious SQL query via the 'id' parameter to extract admin credentials (username and password) from the 'xoops_users' table.

Description

SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsphp

https://www.exploit-db.com/exploits/3626

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in XOOPS Module Kshop <= 1.17 by injecting a malicious SQL query via the 'id' parameter to extract admin credentials (username and password) from the 'xoops_users' table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: XOOPS Module Kshop <= 1.17

No auth needed

Prerequisites: Target must have the vulnerable Kshop module installed · Attacker must know the path to the module

MITRE ATT&CK