Description
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by 599eme Man · text · webapps · php
https://www.exploit-db.com/exploits/9211
References (3)
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1838
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35741
Exploit x_refsource_misc
http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt
Scores
EPSS
0.0042
EPSS Percentile
61.7%
Details
CWE
CWE-89
Status
published
Products (1)
web_development_house/alibaba_clone
Published
Jul 13, 2009
Tracked Since
Feb 18, 2026