Exploitation Summary
EIP tracks 1 public exploit for CVE-2013-3536. PoCs published by HJauditing Employee Tim.
AI-analyzed exploit summary
This exploit demonstrates a SQL injection vulnerability in the WHMCS GroupPay plugin (version <= 1.5). The vulnerability occurs in the `gp_LoadUserFromHash` function due to improper sanitization of the `hash` parameter, allowing arbitrary SQL queries.
Description
SQL injection vulnerability in the gp_LoadUserFromHash function in functions_hash.php in the Group Pay module 1.5 and earlier for WHMCS allows remote attackers to execute arbitrary SQL commands via the hash parameter.