CVE-2007-2532

Minh Nguyen Duong Obie Website Mini Web Shop 2 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-2532. PoCs published by CorryL.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Mini Web Shop 2, where insufficient input sanitization in the sendmail.php module allows attackers to inject malicious scripts. The advisory references a specific URL path but lacks executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) order_form.php, different vectors than CVE-2006-6734.

Exploits (2)

exploitdb WRITEUP VERIFIED
by CorryL · textwebappsphp
https://www.exploit-db.com/exploits/29957

The provided text describes a cross-site scripting (XSS) vulnerability in Mini Web Shop 2, where insufficient input sanitization in the sendmail.php module allows attackers to inject malicious scripts. The advisory references a specific URL path but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Mini Web Shop 2
No auth needed
Prerequisites: Access to the vulnerable sendmail.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by CorryL · textwebappsphp
https://www.exploit-db.com/exploits/29956

The provided text describes a cross-site scripting (XSS) vulnerability in Mini Web Shop 2, where insufficient input sanitization allows attackers to inject malicious scripts. The example URL demonstrates a potential attack vector but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target: Mini Web Shop 2
No auth needed
Prerequisites: Access to a vulnerable Mini Web Shop instance
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36249
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36248
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2666
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34105
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/467831/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23847

Scores

EPSS 0.0372
EPSS Percentile 88.4%

Details

Status published
Products (1)
obie_website/mini_web_shop 2
Published May 09, 2007
Tracked Since Feb 18, 2026