CVE-2009-2436

MyPHPDating 1.0 - SQL Injection via Page ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2436. PoCs published by ITTIHACK.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in MyPHPDating 1.0, specifically in the 'page.php' file. It includes a sample exploit URL demonstrating how to extract database information using a UNION-based SQL injection technique.

Description

SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by ITTIHACK · textwebappsphp

https://www.exploit-db.com/exploits/18300

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in MyPHPDating 1.0, specifically in the 'page.php' file. It includes a sample exploit URL demonstrating how to extract database information using a UNION-based SQL injection technique.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MyPHPDating version 1.0

No auth needed

Prerequisites: Access to the vulnerable 'page.php' endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/35603

Exploit x_refsource_misc

http://packetstormsecurity.org/0907-exploits/myphpdating10-sql.txt

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/1819

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32268

Scores

EPSS 0.0099

EPSS Percentile 58.1%

Details

CWE

CWE-89

Status published

Products (1)

phponlinedatingsoftware/myphpdating 1.0

Published Jul 13, 2009

Tracked Since Feb 18, 2026