CVE-2012-6586

MYRE Vacation Rental Software - SQL Injection via Garage or Bathrooms Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6586. PoCs published by d3b4g.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in MYREphp Vacation Rental Software, including SQL injection and XSS. It provides functional PoC URLs for SQLi and XSS attacks, targeting specific endpoints like search.php and alert_members.php.

Description

Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.

Exploits (1)

Source: exploitdb (working PoC, verified)
by d3b4g · text · webapps · php
https://www.exploit-db.com/exploits/22712

Classification: Working PoC (90%)
Attack Type: SQLi | XSS
Complexity: Trivial
Reliability: Reliable
Target: MYREphp Vacation Rental Software
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 18, 2026

References (1)

Core References
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/22712/

Scores

EPSS: 0.0112
EPSS Percentile: 61.8%

Details

CWE: CWE-89
Status: published
Products (1): myrephp/myre_vacation_rental
Published: Aug 25, 2013
Tracked Since: Feb 18, 2026