CVE-2007-4604

DL PayCart 1.01 - SQL Injection via ItemID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4604. PoCs published by irvian.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in DL PayCart 1.01 by brute-forcing the AdminID and AdminPass from the pc_settings table. It uses HTTP requests to infer character values based on server responses.

Description

SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by irvian · perlwebappsphp

https://www.exploit-db.com/exploits/4331

View Code ZIP pw:eip

This Perl script exploits a blind SQL injection vulnerability in DL PayCart 1.01 by brute-forcing the AdminID and AdminPass from the pc_settings table. It uses HTTP requests to infer character values based on server responses.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: DL PayCart 1.01

No auth needed

Prerequisites: Target URL · Vulnerable DL PayCart 1.01 installation

MITRE ATT&CK

T1505 - Server Software Component T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/25477

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/38329

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4331

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/36323

Scores

EPSS 0.0101

EPSS Percentile 58.4%

Details

CWE

CWE-89

Status published

Products (1)

dinkumsoft.com/dl_paycart 1.01

Published Aug 31, 2007

Tracked Since Feb 18, 2026