CVE-2010-4298

Free Simple Software 1.0 - SQL Injection via downloads_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4298. PoCs published by Dr.$audi, Mark Stanislav.

AI-analyzed exploit summary This is a writeup describing an RFI (Remote File Inclusion) vulnerability in Free Simple Software V1.0. It provides URLs for exploitation but lacks actual exploit code.

Description

SQL injection vulnerability in the download module in Free Simple Software 1.0 allows remote attackers to execute arbitrary SQL commands via the downloads_id parameter in a download_now action to index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Dr.$audi · textwebappsphp

https://www.exploit-db.com/exploits/14672

View Code ZIP pw:eip

This is a writeup describing an RFI (Remote File Inclusion) vulnerability in Free Simple Software V1.0. It provides URLs for exploitation but lacks actual exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Free Simple Software V1.0

No auth needed

Prerequisites: vulnerable version of Free Simple Software V1.0 · ability to host a malicious shell script

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC

by Mark Stanislav · textwebappsphp

https://www.exploit-db.com/exploits/15608

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in 'Free Simple Software' version 1.0, allowing an attacker to extract plaintext administrator credentials via a UNION SELECT query. The vulnerability is due to improper sanitization of the 'downloads_id' parameter in the download module.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Free Simple Software 1.0

No auth needed

Prerequisites: At least one download must exist in the application · The application must be using the download module

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

https://www.uncompiled.com/2010/11/free-simple-software-sql-injection-vulnerability-cve-2010-4298/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/514863/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/44998

Scores

EPSS 0.0099

EPSS Percentile 57.9%

Details

CWE

CWE-89

Status published

Products (1)

dustincowell/free_simple_software 1.0

Published Nov 26, 2010

Tracked Since Feb 18, 2026