CVE-2007-3307
Solar Empire < 2.9.1.1 - SQL Injection via User-Agent HTTP Header
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3307. PoCs published by BlackHawk.
AI-analyzed exploit summary This exploit targets a blind SQL injection vulnerability in Solar Empire <= 2.9.1.1 via the User-Agent header. It retrieves the admin password hash by brute-forcing each character using time-based SQL injection.
Description
SQL injection vulnerability in game_listing.php in Solar Empire 2.9.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by BlackHawk · phpwebappsphp
https://www.exploit-db.com/exploits/4078
This exploit targets a blind SQL injection vulnerability in Solar Empire <= 2.9.1.1 via the User-Agent header. It retrieves the admin password hash by brute-forcing each character using time-based SQL injection.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
Solar Empire <= 2.9.1.1
No auth needed
Prerequisites:
Target server running Solar Empire <= 2.9.1.1 · Network access to the target server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/34909
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4078
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25716
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36303
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24519
Scores
EPSS
0.0104
EPSS Percentile
59.5%
Details
Status
published
Products (1)
solar_empire/solar_empire
< 2.9.1.1
Published
Jun 21, 2007
Tracked Since
Feb 18, 2026