CVE-2010-2340

Arab Portal 2.2 - SQL Injection via Members.php by Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2340. PoCs published by SwEET-DeViL.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Arab Portal 2.2, where the 'by' parameter in the 'msearch' action is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Description

SQL injection vulnerability in members.php in Arab Portal 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the by parameter in the msearch action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by SwEET-DeViL · textwebappsphp

https://www.exploit-db.com/exploits/34127

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in Arab Portal 2.2, where the 'by' parameter in the 'msearch' action is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Arab Portal 2.2

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40142

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40735

Exploit x_refsource_misc

http://packetstormsecurity.org/1006-exploits/arabportal22x-sql.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/65370

Scores

EPSS 0.0091

EPSS Percentile 55.4%

Details

CWE

CWE-89

Status published

Products (1)

arabportal/arab_portal 2.2

Published Jun 18, 2010

Tracked Since Feb 18, 2026