CVE-2010-3404

eshtery CMS - SQL Injection via Criteria Field or Admin Login Username

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-3404. PoCs published by Abysssec.

AI-analyzed exploit summary This is a detailed writeup describing a SQL injection vulnerability in eshtery CMS, including step-by-step exploitation techniques to bypass authentication and extract admin credentials.

Description

Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abysssec · textwebappsasp

https://www.exploit-db.com/exploits/14980

View Code ZIP pw:eip

This is a detailed writeup describing a SQL injection vulnerability in eshtery CMS, including step-by-step exploitation techniques to bypass authentication and extract admin credentials.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: eshtery CMS (copyrights 2003-2004)

No auth needed

Prerequisites: Access to the target web application · SQL injection knowledge

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/43168

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14980

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/61767

Scores

EPSS 0.0098

EPSS Percentile 57.6%

Details

CWE

CWE-89

Status published

Products (1)

eshtery.she7ata/eshtery_cms

Published Sep 16, 2010

Tracked Since Feb 18, 2026