CVE-2010-4503

Aigaion 1.3.4 - SQL Injection via ID Parameter in export action

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4503. PoCs published by KnocKout.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Aigaion 1.3.4, where the 'ID' parameter in the export functionality is not properly sanitized. It includes a sample exploit URL but lacks actual exploit code or proof-of-concept implementation.

Description

SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows remote attackers to execute arbitrary SQL commands via the ID parameter in an export action.

Exploits (1)

exploitdb WRITEUP VERIFIED

by KnocKout · textwebappsphp

https://www.exploit-db.com/exploits/35060

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in Aigaion 1.3.4, where the 'ID' parameter in the export functionality is not properly sanitized. It includes a sample exploit URL but lacks actual exploit code or proof-of-concept implementation.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Aigaion 1.3.4

No auth needed

Prerequisites: Access to the vulnerable Aigaion instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42463

Exploit x_refsource_misc

http://packetstormsecurity.org/files/view/96077/aigaion134-sql.txt

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/45232

Scores

EPSS 0.0098

EPSS Percentile 57.6%

Details

CWE

CWE-89

Status published

Products (1)

aigaion/aigaion 1.3.4

Published Dec 08, 2010

Tracked Since Feb 18, 2026