CVE-2010-1924

Live Shopping Multi Portal System - SQL Injection via Artikel Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1924. PoCs published by Easy Laster.

AI-analyzed exploit summary This Ruby script exploits a SQL injection vulnerability in phpscripte24 Live Shopping Multi Portal System by injecting malicious SQL queries into the 'artikel' parameter to extract user credentials (ID, password, and email) from the database.

Description

SQL injection vulnerability in index.php in Hi Web Wiesbaden Live Shopping Multi Portal System allows remote attackers to execute arbitrary SQL commands via the artikel parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Easy Laster · rubywebappsphp
https://www.exploit-db.com/exploits/12545

This Ruby script exploits a SQL injection vulnerability in phpscripte24 Live Shopping Multi Portal System by injecting malicious SQL queries into the 'artikel' parameter to extract user credentials (ID, password, and email) from the database.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: phpscripte24 Live Shopping Multi Portal System
No auth needed
Prerequisites: Target URL with vulnerable parameter · User ID to extract credentials for · Database table prefix
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39718
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58392
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/12545
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/40040
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/64512

Scores

EPSS 0.0100
EPSS Percentile 58.3%

Details

CWE
CWE-89
Status published
Products (1)
phpscripte24/live_shopping_multi_portal_system
Published May 12, 2010
Tracked Since Feb 18, 2026