Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-36520. PoCs published by Adrian Bondocea.
AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in itech TrainSmart r1044 by using sqlmap to extract database information via a crafted request to the 'id' parameter in the evaluation endpoint.
Description
A SQL injection vulnerability in I-Tech Trainsmart r1044 exists via a evaluation/assign-evaluation?id= URI.
Exploits (1)
exploitdb
SCANNER
by Adrian Bondocea · textwebappsphp
https://www.exploit-db.com/exploits/51253
The exploit demonstrates a SQL injection vulnerability in itech TrainSmart r1044 by using sqlmap to extract database information via a crafted request to the 'id' parameter in the evaluation endpoint.
Classification
Scanner 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
itech TrainSmart r1044
No auth needed
Prerequisites:
Access to the target URL · sqlmap installed
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/171731/itech-TrainSmart-r1044-SQL-Injection.html
Scores
CVSS v3
7.5
EPSS
0.0270
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
washington/i-tech_trainsmart
r1044
Published
Apr 16, 2023
Tracked Since
Feb 18, 2026