CVE-2017-17618

CRITICAL

Kickstarter Clone Script 2.0 - SQL Injection via investcalc.php projid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17618. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in Kickstarter Clone Script 2.0. It provides a proof-of-concept URL demonstrating the vulnerability but does not include executable exploit code.

Description

Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php projid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/43286

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in Kickstarter Clone Script 2.0. It provides a proof-of-concept URL demonstrating the vulnerability but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Kickstarter Clone Script 2.0

No auth needed

Prerequisites: Access to the target URL

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

https://packetstormsecurity.com/files/145326/Kickstarter-Clone-Script-2.0-SQL-Injection.html

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/43286/

Scores

CVSS v3 9.8

EPSS 0.0305

EPSS Percentile 85.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

kickstarter_clone_script_project/kickstarter_clone_script 2.0

Published Dec 13, 2017

Tracked Since Feb 18, 2026