Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-5898. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary The document describes multiple vulnerabilities in Landshop v0.9.2, including SQL injection and persistent XSS. It provides proof-of-concept URLs for SQL injection but lacks executable exploit code.
Description
Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop 0.9.2 allows remote attackers to hijack the authentication of administrators for requests that change account settings.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/18687
The document describes multiple vulnerabilities in Landshop v0.9.2, including SQL injection and persistent XSS. It provides proof-of-concept URLs for SQL injection but lacks executable exploit code.
Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target:
Landshop v0.9.2
No auth needed
Prerequisites:
Network access to the target application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48661
Various Sources x_refsource_misc
http://vulnerability-lab.com/get_content.php?id=485
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/80800
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/18687
Exploit x_refsource_misc
http://packetstormsecurity.org/files/111415/Landshop-0.9.2-Cross-Site-Scripting-SQL-Injection.html
Scores
EPSS
0.0108
EPSS Percentile
60.6%
Details
CWE
CWE-352
Status
published
Products (1)
samedia/landshop
0.9.2
Published
Nov 17, 2012
Tracked Since
Feb 18, 2026