CVE-2010-5001

Esoftpro Online Contact Manager 3.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5001. PoCs published by L0rd CrusAd3r.

AI-analyzed exploit summary: This is a vulnerability writeup describing SQL injection, XSS, and HTML injection vulnerabilities in Esoftpro Online Contact Manager version 3. It provides demo URLs but lacks actual exploit code or technical details for execution.

Description

SQL injection vulnerability in view.php in esoftpro Online Contact Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP
by L0rd CrusAd3r · text · webapps · php
https://www.exploit-db.com/exploits/14206

Classification: Writeup 90%
Attack Type: Sqli | Xss | Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Esoftpro Online Contact Manager version 3
No auth needed
Prerequisites: access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/41373
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/60043
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1700
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/14206

Scores

EPSS 0.0101
EPSS Percentile 58.7%

Details

CWE: CWE-89
Status: published
Products (1): esoftpro/online_contact_manager 3.0
Published Nov 01, 2011
Tracked Since Feb 18, 2026