CVE-2010-1270

Multi Auktions Komplett System 2 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-1270. PoCs published by Easy Laster.

AI-analyzed exploit summary This is a Python-based blind SQL injection exploit targeting Multi Auktions Komplett System V2. It extracts user credentials (passwords, usernames, emails) by brute-forcing character-by-character via ASCII comparisons in SQL queries.

Description

SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter.

Exploits (3)

exploitdb WORKING POC VERIFIED
by Easy Laster · textwebappsphp
https://www.exploit-db.com/exploits/11912

This is a Python-based blind SQL injection exploit targeting Multi Auktions Komplett System V2. It extracts user credentials (passwords, usernames, emails) by brute-forcing character-by-character via ASCII comparisons in SQL queries.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Multi Auktions Komplett System V2
No auth needed
Prerequisites: Target URL with vulnerable 'auktion_text.php' endpoint · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Easy Laster · textwebappsphp
https://www.exploit-db.com/exploits/11805

This is a writeup describing a blind SQL injection vulnerability in phpscripte24 Niedrig Gebote Pro Auktions System II. It provides example URLs to exploit the vulnerability in the `auktion.php` file by manipulating the `id_auk` parameter.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: phpscripte24 Niedrig Gebote Pro Auktions System II
No auth needed
Prerequisites: Access to the vulnerable `auktion.php` endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Easy Laster · textwebappsphp
https://www.exploit-db.com/exploits/11776

This is a writeup describing a blind SQL injection vulnerability in phpscripte24 Auktionshaus Community Standart System. It provides an example exploit URL to extract the admin password hash via substring manipulation.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: phpscripte24 Auktionshaus Community Standart System
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11776
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/63048
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56935
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38971
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38793

Scores

EPSS 0.0120
EPSS Percentile 64.1%

Details

CWE
CWE-89
Status published
Products (1)
phpscripte24/multi_suktions_komplett_system 2
Published Apr 06, 2010
Tracked Since Feb 18, 2026