CVE-2017-20136

MEDIUM

Itech Classifieds Script 7.27 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20136. PoCs published by Kaan KAMIS.

AI-analyzed exploit summary This is a technical writeup detailing an SQL Injection vulnerability in Itech Classifieds Script v7.27. It provides specific payloads for boolean-based blind and UNION-based SQLi attacks via the 'scat' GET parameter.

Description

A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. Affected is an unknown function of the file /subpage.php. The manipulation of the argument scat with the input =51' AND 4941=4941 AND 'hoCP'='hoCP leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WRITEUP
by Kaan KAMIS · textwebappsphp
https://www.exploit-db.com/exploits/41189

This is a technical writeup detailing an SQL Injection vulnerability in Itech Classifieds Script v7.27. It provides specific payloads for boolean-based blind and UNION-based SQLi attacks via the 'scat' GET parameter.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Itech Classifieds Script v7.27
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.96282
Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/41189/

Scores

CVSS v3 6.3
EPSS 0.0058
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
itechscripts/classifieds_script 7.27
Published Jul 16, 2022
Tracked Since Feb 18, 2026