CVE-2007-4095

BSM Store Dependent Forums 1.02 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4095. PoCs published by Aria-Security Team.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in BSM Store Dependent Forums by injecting a UNION-based query to retrieve data from the 'members' table. It leverages insufficient input sanitization in the application's SQL queries.

Description

SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aria-Security Team · textwebappsphp

https://www.exploit-db.com/exploits/30390

View Code ZIP pw:eip

The exploit demonstrates an SQL injection vulnerability in BSM Store Dependent Forums by injecting a UNION-based query to retrieve data from the 'members' table. It leverages insufficient input sanitization in the application's SQL queries.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: BSM Store Dependent Forums 1.02

No auth needed

Prerequisites: Access to the vulnerable application endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/474687/100/0/threaded

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25072

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/26212

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2935

Scores

EPSS 0.0097

EPSS Percentile 57.3%

Details

CWE

CWE-89

Status published

Products (1)

bsm_store/dependent_forums 1.0.2

Published Jul 30, 2007

Tracked Since Feb 18, 2026