Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-5190. PoCs published by JuDge.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in eSHOP100, allowing an attacker to extract sensitive customer information (passwords and emails) from the database via a crafted UNION-based SQL query.
Description
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by JuDge · textwebappsphp
https://www.exploit-db.com/exploits/5970
This exploit demonstrates a SQL injection vulnerability in eSHOP100, allowing an attacker to extract sensitive customer information (passwords and emails) from the database via a crafted UNION-based SQL query.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
eSHOP100 (version not specified)
No auth needed
Prerequisites:
Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1971/references
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43452
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30712
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30002
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5970
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4619
Scores
EPSS
0.0109
EPSS Percentile
78.2%
Details
CWE
CWE-89
Status
published
Products (1)
eshop100/eshop100
_nil_
Published
Nov 21, 2008
Tracked Since
Feb 18, 2026