CVE-2010-5004

2daybiz Polls Script - SQL Injection via searchvote.php category parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5004. PoCs published by Easy Laster.

AI-analyzed exploit summary: This Ruby script exploits a SQL injection vulnerability in 2daybiz Polls Script via the 'category' parameter in searchvote.php. It extracts user credentials (ID, username, password, and email) from the 'home_table' by injecting UNION-based SQL queries.

Description

SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka Advanced Poll) Script allows remote attackers to execute arbitrary SQL commands via the category parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Easy Laster · ruby · webapps · php
https://www.exploit-db.com/exploits/14074

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: 2daybiz Polls Script
Authentication: No auth needed
Prerequisites: Target URL with vulnerable 'searchvote.php' endpoint · Network access to the target
Analysis: devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit · vdb-entry · x_refsource_bid: http://www.securityfocus.com/bid/41172
Exploit · exploit · x_refsource_exploit-db: http://www.exploit-db.com/exploits/14074

Scores

EPSS: 0.0093
EPSS Percentile: 55.9%

Details

CWE: CWE-89
Status: published
Products (1): 2daybiz/polls_script
Published: Nov 02, 2011
Tracked Since: Feb 18, 2026