CVE-2017-20137

MEDIUM

Itech B2B Script 4.28 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-20137. PoCs published by Kaan KAMIS.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in Itech B2B Script v4.28, including boolean-based blind, time-based blind, and UNION query techniques. The payloads are crafted to extract arbitrary data from the database.

Description

A vulnerability was found in Itech B2B Script 4.28. It has been rated as critical. This issue affects some unknown processing of the file /catcompany.php. The manipulation of the argument token with the input 704667c6a1e7ce56d3d6fa748ab6d9af3fd7' AND 6539=6539 AND 'Fakj'='Fakj leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC
by Kaan KAMIS · textwebappsphp
https://www.exploit-db.com/exploits/41188

This exploit demonstrates SQL injection vulnerabilities in Itech B2B Script v4.28, including boolean-based blind, time-based blind, and UNION query techniques. The payloads are crafted to extract arbitrary data from the database.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Itech B2B Script v4.28
No auth needed
Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.96281
Third Party Advisory, VDB Entry x_refsource_misc
https://www.exploit-db.com/exploits/41188/

Scores

CVSS v3 6.3
EPSS 0.0058
EPSS Percentile 43.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
itechscripts/b2b_script 4.28
Published Jul 16, 2022
Tracked Since Feb 18, 2026