Description
Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by ByALBAYX · textwebappsphp
https://www.exploit-db.com/exploits/8935
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1581
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35417
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8935
Scores
EPSS
0.0034
EPSS Percentile
56.6%
Details
CWE
CWE-89
Status
published
Products (2)
zipstore/zip_store_chat
4.0
zipstore/zip_store_chat
5.0
Published
Jun 22, 2009
Tracked Since
Feb 18, 2026