CVE-2009-3215

ixxo_cart < 3.9.6.1 - SQL Injection via Parent Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3215. PoCs published by sm0k3.

AI-analyzed exploit summary The document describes a SQL injection vulnerability in IXXO Cart! Standalone and Joomla Component, where the 'parent' variable is susceptible to SQLi. The proof of concept demonstrates an order-by-based injection technique.

Description

SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by sm0k3 · textwebappsphp
https://www.exploit-db.com/exploits/9276

The document describes a SQL injection vulnerability in IXXO Cart! Standalone and Joomla Component, where the 'parent' variable is susceptible to SQLi. The proof of concept demonstrates an order-by-based injection technique.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: IXXO Cart! Standalone and Joomla Component (versions before 3.9.6.1)
No auth needed
Prerequisites: Access to the vulnerable parameter in the application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9276
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36009
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/505266/100/0/threaded
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35810

Scores

EPSS 0.0106
EPSS Percentile 60.3%

Details

CWE
CWE-89
Status published
Products (2)
php-shop-system/ixxo_cart
php-shop-system/ixxo_cart < 3.9.6.0
Published Sep 16, 2009
Tracked Since Feb 18, 2026