CVE-2007-4068

Webyapar 2.0 - SQL Injection via kat_id or id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4068. PoCs published by bypass.

AI-analyzed exploit summary: This is a writeup detailing SQL injection vulnerabilities in Webyapar v2.0, providing example URLs to exploit blind SQLi for extracting admin credentials. No executable exploit code is present.

Description

Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the kat_id parameter to the default URI in a download action or (2) the id parameter to the default URI in a duyurular_detay action.

Exploits (1)

exploitdb WRITEUP VERIFIED
by bypass · text · webapps · php
https://www.exploit-db.com/exploits/4224

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Webyapar v2.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37131
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37132
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4224
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35603
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25061

Scores

EPSS 0.0199
EPSS Percentile 78.2%

Details

Status published
Products (1)
webyapar/webyapar 2.0
Published Jul 30, 2007
Tracked Since Feb 18, 2026