CVE-2010-1336

INVOhost 3.4 - SQL Injection via site.php id/newlanguage Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1336. PoCs published by Andrés Gómez.

AI-analyzed exploit summary This is a writeup describing SQL injection vulnerabilities in INVOhost software, providing examples of vulnerable parameters and mitigation suggestions. No actual exploit code is included.

Description

Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php, (3) search parameter to manuals.php, and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Andrés Gómez · textwebappsphp

https://www.exploit-db.com/exploits/11874

View Code ZIP pw:eip

This is a writeup describing SQL injection vulnerabilities in INVOhost software, providing examples of vulnerable parameters and mitigation suggestions. No actual exploit code is included.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: INVOhost (version not specified)

No auth needed

Prerequisites: Access to a vulnerable INVOhost installation

MITRE ATT&CK