Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-5294. PoCs published by Arturo Zamora.
AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in Tienda Virtual by injecting a UNION-based SQL query into the 'id' parameter of 'art_detalle.php'. This allows an attacker to extract data from the database, including metadata from 'information_schema.tables'.
Description
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploits (1)
The exploit demonstrates an SQL injection vulnerability in Tienda Virtual by injecting a UNION-based SQL query into the 'id' parameter of 'art_detalle.php'. This allows an attacker to extract data from the database, including metadata from 'information_schema.tables'.