CVE-2008-0719
Customer Testimonials 3 and 3.1 Addon for osCommerce - SQL Injection via testimonial_id Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-0719. PoCs published by it's my.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in osCommerce's customer_testimonials.php, allowing an attacker to extract sensitive customer data (last name, password, email) via a UNION-based SQLi attack.
Description
SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in osCommerce's customer_testimonials.php, allowing an attacker to extract sensitive customer data (last name, password, email) via a UNION-based SQLi attack.