CVE-2010-4980

iScripts ReserveLogic 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-4980. PoCs published by Salvatore Fresta, Vulnerability-Lab.

AI-analyzed exploit summary The document describes a SQL injection vulnerability in iScripts ReserveLogic 1.0, specifically in the 'pid' parameter of packagedetails.php. It provides a sample exploit URL but lacks executable code.

Description

SQL injection vulnerability in packagedetails.php in iScripts ReserveLogic 1.0 allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/14163

View Code ZIP pw:eip

The document describes a SQL injection vulnerability in iScripts ReserveLogic 1.0, specifically in the 'pid' parameter of packagedetails.php. It provides a sample exploit URL but lacks executable code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: iScripts ReserveLogic 1.0

No auth needed

Prerequisites: Valid package ID in the database

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP

by Vulnerability-Lab · textwebappsphp

https://www.exploit-db.com/exploits/19775

View Code ZIP pw:eip

This is a detailed vulnerability report for CVE-2010-4980, describing multiple SQL injection, arbitrary file upload, and XSS vulnerabilities in iScripts Reserve Logic v1.2 Booking CMS. It includes vulnerable files, parameters, and proof-of-concept examples.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Other

Complexity

Moderate

Reliability

Reliable

Target: iScripts Reserve Logic v1.2 Booking CMS

No auth needed

Prerequisites: Access to vulnerable endpoints · Basic knowledge of SQL injection and XSS techniques

MITRE ATT&CK