Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-3412. PoCs published by mikeX.
AI-analyzed exploit summary
This exploit demonstrates a remote SQL injection vulnerability in EPShop versions prior to 3.0. It leverages the 'pid' parameter in two different actions ('pro_show' and 'disppro') to inject malicious SQL queries, allowing unauthorized access to sensitive data such as admin passwords.
Description
SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter in a (1) pro_show or (2) disppro action to the default URI.