CVE-2010-5019

2daybiz Online Classified Script - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-5019. PoCs published by Sid3^effects.

AI-analyzed exploit summary This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in 2daybiz online classified system. It provides attack patterns and demo URLs but does not include functional exploit code.

Description

SQL injection vulnerability in view_photo.php in 2daybiz Online Classified Script allows remote attackers to execute arbitrary SQL commands via the alb parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sid3^effects · textwebappsphp

https://www.exploit-db.com/exploits/13894

View Code ZIP pw:eip

This is a vulnerability writeup describing SQL injection and XSS vulnerabilities in 2daybiz online classified system. It provides attack patterns and demo URLs but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: 2daybiz online classified system

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40890

Exploit x_refsource_misc

http://packetstormsecurity.org/1006-exploits/2daybizocs-sqlxss.txt

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/13894

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40213

Scores

EPSS 0.0209

EPSS Percentile 79.2%

Details

CWE

CWE-89

Status published

Products (1)

2daybiz/online_classified_script

Published Nov 02, 2011

Tracked Since Feb 18, 2026