Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-3978. PoCs published by Breaking.Technology.
AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in TomatoCart v1.x by manipulating input fields in the address book to extract admin credentials. The PoC leverages improper sanitization of colons in user input to bypass security measures.
Description
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.