CVE-2022-28132

HIGH

T-Soft E-Commerce 4 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-28132. PoCs published by Alperen Ergel.

AI-analyzed exploit summary: This exploit demonstrates an authenticated SQL injection vulnerability in T-Soft E-Commerce 4. It provides a captured HTTP request with a vulnerable parameter (`SatisAlt`) and SQLMap output confirming boolean-based blind SQLi.

Description

The T-Soft E-Commerce 4 web application is susceptible to SQL injection (SQLi) attacks when authenticated as an admin or privileged user. This vulnerability allows attackers to access and manipulate the database through crafted requests. By exploiting this flaw, attackers can bypass authentication mechanisms, view sensitive information stored in the database, and potentially exfiltrate data.

Exploits (1)

exploitdb WORKING POC
by Alperen Ergel · text · webapps · multiple
https://www.exploit-db.com/exploits/50939

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: T-Soft E-Commerce v4
Auth required
Prerequisites: Admin or privileged user credentials · Burp Suite or ZAP for request capture · SQLMap for exploitation
devstral-2 · analyzed Feb 16, 2026

References (1)

Core References
Exploit, Third Party Advisory
https://www.exploit-db.com/exploits/50939

Scores

CVSS v3: 7.2
EPSS: 0.0061
EPSS Percentile: 44.6%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-89
Status: published
Published: May 14, 2024
Tracked Since: Feb 18, 2026