CVE-2008-3590

E. Z. Poll 2 - SQL Injection via Username and Password Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3590. PoCs published by t0fx.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in E.Z. Poll v.2, allowing authentication bypass via crafted input in the login form. The provided credentials manipulate the SQL query to bypass authentication.

Description

Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. Poll 2 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by t0fx · textwebappsphp
https://www.exploit-db.com/exploits/7315

This exploit demonstrates an SQL injection vulnerability in E.Z. Poll v.2, allowing authentication bypass via crafted input in the login form. The provided credentials manipulate the SQL query to bypass authentication.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: E.Z. Poll <= v.2
No auth needed
Prerequisites: Access to the login page at /admin/login.asp
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31368

Scores

EPSS 0.0089
EPSS Percentile 55.0%

Details

CWE
CWE-89
Status published
Products (1)
egi_zaberl/e.z._poll 2
Published Aug 11, 2008
Tracked Since Feb 18, 2026