Description
Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hamza 'MizoZ' N. · text · webapps · php
https://www.exploit-db.com/exploits/11323
References (2)
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/38389
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11323
Scores
EPSS
0.0010
EPSS Percentile
27.7%
Details
CWE
CWE-89
Status
published
Products (1)
eicrasoft/eicra_car_rental-script
Published
Feb 12, 2010
Tracked Since
Feb 18, 2026