Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-4627. PoCs published by k1tk4t.
AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in ABC estore 3.0 by injecting malicious SQL queries into the 'cat_id' parameter. It brute-forces character extraction from the database to retrieve admin credentials.
Description
SQL injection vulnerability in index.php in ABC eStore 3.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by k1tk4t · perlwebappsphp
https://www.exploit-db.com/exploits/4338
This Perl script exploits a blind SQL injection vulnerability in ABC estore 3.0 by injecting malicious SQL queries into the 'cat_id' parameter. It brute-forces character extraction from the database to retrieve admin credentials.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
ABC estore 3.0
No auth needed
Prerequisites:
Target must have ABC estore 3.0 installed · Subcategories must exist for the exploit to succeed
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/38434
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36313
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3037
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4338
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25476
Scores
EPSS
0.0106
EPSS Percentile
60.1%
Details
Status
published
Products (1)
algera/abc_estore
3.0
Published
Aug 31, 2007
Tracked Since
Feb 18, 2026