CVE-2010-4721

Immo Makler - SQL Injection via News.php ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-4721. PoCs published by Easy Laster.

AI-analyzed exploit summary This is a SQL injection proof-of-concept for Immo Makler software, demonstrating how to extract database version information via a union-based attack in the 'news.php' parameter. The exploit targets the 'user' table and is designed to leak data without requiring authentication.

Description

SQL injection vulnerability in news.php in Immo Makler allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Easy Laster · textwebappsphp

https://www.exploit-db.com/exploits/15754

View Code ZIP pw:eip

This is a SQL injection proof-of-concept for Immo Makler software, demonstrating how to extract database version information via a union-based attack in the 'news.php' parameter. The exploit targets the 'user' table and is designed to leak data without requiring authentication.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Immo Makler <= (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable 'news.php' endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/69950

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15754

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/42676

Scores

EPSS 0.0214

EPSS Percentile 79.7%

Details

CWE

CWE-89

Status published

Products (1)

mhproducts/immo_makler

Published Feb 01, 2011

Tracked Since Feb 18, 2026