CVE-2017-14703

CRITICAL

Cash Back Comparison Script 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14703. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Cash Back Comparison Script 1.0 by injecting a UNION-based payload to extract admin credentials from the 'users' table. The exploit constructs a malicious URL and uses LWP::UserAgent to fetch the response, parsing the output for credentials.

Description

SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · perlwebappsphp

https://www.exploit-db.com/exploits/42772

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Cash Back Comparison Script 1.0 by injecting a UNION-based payload to extract admin credentials from the 'users' table. The exploit constructs a malicious URL and uses LWP::UserAgent to fetch the response, parsing the output for credentials.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Cash Back Comparison Script 1.0

No auth needed

Prerequisites: Target URL with vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/42772/

Scores

CVSS v3 9.8

EPSS 0.0149

EPSS Percentile 81.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

cashbackcomparisonscript/cash_back_comparison 1.0

Published Sep 26, 2017

Tracked Since Feb 18, 2026