CVE-2017-20135

MEDIUM

Itech Dating Script 3.26 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20135. PoCs published by Kaan KAMIS.

AI-analyzed exploit summary This exploit demonstrates an SQL Injection vulnerability in Itech Dating Script v3.26 via the 'id' parameter in the 'see_more_details.php' endpoint. The payload uses a UNION-based query to extract arbitrary data from the database.

Description

A vulnerability classified as critical was found in Itech Dating Script 3.26. Affected by this vulnerability is an unknown functionality of the file /see_more_details.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC
by Kaan KAMIS · textwebappsphp
https://www.exploit-db.com/exploits/41190

This exploit demonstrates an SQL Injection vulnerability in Itech Dating Script v3.26 via the 'id' parameter in the 'see_more_details.php' endpoint. The payload uses a UNION-based query to extract arbitrary data from the database.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Itech Dating Script v3.26
No auth needed
Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL Injection techniques
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Permissions Required, Third Party Advisory x_refsource_misc
https://vuldb.com/?id.96283
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/41190/

Scores

CVSS v3 6.3
EPSS 0.0076
EPSS Percentile 50.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
itechscripts/dating_script 3.26
Published Jul 16, 2022
Tracked Since Feb 18, 2026