CVE-2009-2178

phpDatingClub 3.7 - Cross-Site Scripting via Page Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2178. PoCs published by ThE g0bL!N.

AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in phpDatingClub v3.7. The SQLi exploit uses a UNION-based attack to extract database version information, while the XSS exploit injects a simple script tag.

Description

Cross-site scripting (XSS) vulnerability in website.php in phpDatingClub 3.7 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThE g0bL!N · textwebappsphp

https://www.exploit-db.com/exploits/8990

View Code ZIP pw:eip

The exploit demonstrates SQL injection and XSS vulnerabilities in phpDatingClub v3.7. The SQLi exploit uses a UNION-based attack to extract database version information, while the XSS exploit injects a simple script tag.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: phpDatingClub v3.7

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/55316

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/8990

Scores

EPSS 0.0125

EPSS Percentile 65.4%

Details

CWE

CWE-79

Status published

Products (1)

w2b/phpdatingclub 3.7

Published Jun 23, 2009

Tracked Since Feb 18, 2026