CVE-2013-7193

C2C Forward Auction Creator 2.0 - SQL Injection


Exploitation Summary

EIP tracks 2 public exploits for CVE-2013-7193. PoCs published by R3d-D3V!L.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in EtoShop C2C Forward Auction Creator 2.0, where the 'pa' parameter in the URL is vulnerable to SQL injection due to insufficient input sanitization. No actual exploit code is provided, only a description of the vulnerability.

Description

Multiple SQL injection vulnerabilities in C2C Forward Auction Creator 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) pa parameter to auction/asp/list.asp, or the (2) UserID or (3) Password to auction/casp/admin.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by R3d-D3V!L · text · webapps · php
https://www.exploit-db.com/exploits/38876

The provided text describes a SQL injection vulnerability in EtoShop C2C Forward Auction Creator 2.0, where the 'pa' parameter in the URL is vulnerable to SQL injection due to insufficient input sanitization. No actual exploit code is provided, only a description of the vulnerability.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: EtoShop C2C Forward Auction Creator 2.0
No auth needed
Prerequisites: Access to the vulnerable URL endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by R3d-D3V!L · text · webapps · php
https://www.exploit-db.com/exploits/38877

The provided text describes a SQL injection vulnerability in EtoShop C2C Forward Auction Creator 2.0, where unsanitized user input in the UserID and Password fields can be exploited to manipulate SQL queries. The example demonstrates a classic authentication bypass using ' or '1=1--.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: EtoShop C2C Forward Auction Creator 2.0
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101076
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89752
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89755
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/64329
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/101075

Scores

EPSS 0.0250
EPSS Percentile 82.6%

Details

CWE: CWE-89
Status: published
Products (1): etoshop/c2c_forward_auction_creator 2.0
Published: Dec 21, 2013
Tracked Since: Feb 18, 2026