CVE-2013-7189

iScripts AutoHoster - SQL Injection

Description

Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.

Exploits (4)

exploitdb WRITEUP VERIFIED
by i-Hmx · text · webapps · php
https://www.exploit-db.com/exploits/38888

exploitdb WORKING POC VERIFIED
by i-Hmx · text · webapps · php
https://www.exploit-db.com/exploits/38886

exploitdb WORKING POC VERIFIED
by i-Hmx · text · webapps · php
https://www.exploit-db.com/exploits/38885

exploitdb WRITEUP VERIFIED
by i-Hmx · text · webapps · php
https://www.exploit-db.com/exploits/38887

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101049
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89816
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2013/Dec/121
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101050
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101051
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101053

Scores

EPSS 0.0130
EPSS Percentile 79.8%

Details

CWE
CWE-89
Status published
Products (1)
iscripts/autohoster 2.4
Published Dec 20, 2013
Tracked Since Feb 18, 2026