CVE-2015-1476

xlinkerz ecommerceMajor - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-1476. PoCs published by Manish Tanwar.

AI-analyzed exploit summary This exploit demonstrates SQL injection and authentication bypass vulnerabilities in ecommercemajor CMS. The SQLi occurs in the 'productbycat' parameter of product.php, and the auth bypass is achieved via SQLi in the admin login form.

Description

Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.

Exploits (1)

exploitdb WORKING POC

by Manish Tanwar · textwebappsphp

https://www.exploit-db.com/exploits/35878

View Code ZIP pw:eip

This exploit demonstrates SQL injection and authentication bypass vulnerabilities in ecommercemajor CMS. The SQLi occurs in the 'productbycat' parameter of product.php, and the auth bypass is achieved via SQLi in the admin login form.

Classification

Working Poc 90%

Attack Type

Sqli | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ecommercemajor ecommerce CMS

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/35878

Exploit x_refsource_misc

http://packetstormsecurity.com/files/130073/ecommerceMajor-SQL-Injection.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/117569

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/117570

Scores

EPSS 0.0240

EPSS Percentile 81.8%

Details

CWE

CWE-89

Status published

Products (1)

ecommercemajor_project/ecommercemajor

Published Feb 04, 2015

Tracked Since Feb 18, 2026