CVE-2009-4615

MYRE Holiday Rental Manager - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4615. PoCs published by Mr.SQL.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in MYRE Holiday Rental Manager via the 'review.php' script. It also includes an XSS payload for 'search.php'.

Description

SQL injection vulnerability in review.php in MYRE Holiday Rental Manager allows remote attackers to execute arbitrary SQL commands via the link_id parameter in a show_review action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mr.SQL · textwebappsphp

https://www.exploit-db.com/exploits/9630

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in MYRE Holiday Rental Manager via the 'review.php' script. It also includes an XSS payload for 'search.php'.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MYRE Holiday Rental Manager

No auth needed

Prerequisites: Access to the vulnerable 'review.php' or 'search.php' endpoints

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9630

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36655

Scores

EPSS 0.0023

EPSS Percentile 46.1%

Details

CWE

CWE-89

Status published

Products (1)

myrephp/myre_holiday_rental_manager

Published Jan 18, 2010

Tracked Since Feb 18, 2026