CVE-2011-4811

BestShopPro - SQL Injection via pokaz_podkat.php str Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4811. PoCs published by CoBRa_21.

AI-analyzed exploit summary This is a writeup describing multiple vulnerabilities (XSS, HTML injection, and SQL injection) in BST - BestShopPro's nowosci.php. It provides example URLs to exploit these vulnerabilities but does not include functional exploit code.

Description

SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CoBRa_21 · textwebappsphp

https://www.exploit-db.com/exploits/18063

View Code ZIP pw:eip

This is a writeup describing multiple vulnerabilities (XSS, HTML injection, and SQL injection) in BST - BestShopPro's nowosci.php. It provides example URLs to exploit these vulnerabilities but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: BST - BestShopPro

No auth needed

Prerequisites: Access to the target application · Vulnerable version of BST - BestShopPro

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/18063

Scores

EPSS 0.0101

EPSS Percentile 58.5%

Details

CWE

CWE-89

Status published

Products (1)

bst/bestshoppro

Published Dec 14, 2011

Tracked Since Feb 18, 2026