CVE-2017-17626
CRITICALReadymade PHP Classified Script 3.3 - SQL Injection via Categories Subctid or Mctid Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2017-17626. PoCs published by Ihsan Sencan.
AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in Readymade PHP Classified Script 3.3 via the 'subctid' and 'mctid' parameters. The PoC includes payloads to extract database information such as user, database name, and version, as well as table names from the information_schema.
Description
Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.
Exploits (1)
This exploit demonstrates SQL injection vulnerabilities in Readymade PHP Classified Script 3.3 via the 'subctid' and 'mctid' parameters. The PoC includes payloads to extract database information such as user, database name, and version, as well as table names from the information_schema.
References (2)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H