CVE-2012-2236

PHP Gift Registry 1.5.5 - Authenticated SQL Injection via UserID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-2236. PoCs published by G13.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in PHP Gift Registry 1.5.5, specifically in the 'userid' parameter of the 'users.php' file. The exploit requires user authentication and provides a basic example of the vulnerable URL.

Description

SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 allows remote authenticated users to execute arbitrary SQL commands via the userid parameter in an edit action.

Exploits (1)

exploitdb WRITEUP

by G13 · textwebappsphp

https://www.exploit-db.com/exploits/18519

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in PHP Gift Registry 1.5.5, specifically in the 'userid' parameter of the 'users.php' file. The exploit requires user authentication and provides a basic example of the vulnerable URL.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: PHP Gift Registry 1.5.5

Auth required

Prerequisites: User authentication

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2012-04/0110.html

Scores

EPSS 0.0090

EPSS Percentile 54.9%

Details

CWE

CWE-89

Status published

Products (1)

ryan_walberg/php_gift_registry 1.5.5

Published Apr 20, 2012

Tracked Since Feb 18, 2026