CVE-2008-0738

CandyPress Store < 4.1 - SQL Injection via idcust or tableName Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0738.

AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in CandyPress eCommerce suite version 4.1.1.26. It includes multiple proof-of-concept URLs that extract sensitive data from the database, such as admin credentials, payment details, and configuration settings.

Description

Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, and earlier 4.1.x versions, allow remote attackers to execute arbitrary SQL commands via the (1) idcust parameter to (a) ajax_getTiers.asp and (b) ajax_getCust.asp in ajax/, and the (2) tableName parameter to (c) ajax/ajax_tableFields.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC
webappsasp
https://www.exploit-db.com/exploits/4988

The exploit demonstrates SQL injection and XSS vulnerabilities in CandyPress eCommerce suite version 4.1.1.26. It includes multiple proof-of-concept URLs that extract sensitive data from the database, such as admin credentials, payment details, and configuration settings.

Classification
Working Poc 100%
Attack Type
Sqli | Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: CandyPress eCommerce suite 4.1.1.26
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28662
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0314

Scores

EPSS 0.0096
EPSS Percentile 56.9%

Details

CWE
CWE-89
Status published
Products (2)
shoppingtree/candypress_store 4.1.1.26
shoppingtree/candypress_store < 4.1
Published Feb 13, 2008
Tracked Since Feb 18, 2026