CVE-2023-41507

CRITICAL

Super Store Finder <3.6 - SQL Injection

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-41507. PoCs published by redblueteam.

AI-analyzed exploit summary: This repository provides a detailed technical analysis of CVE-2023-41507, a SQL injection vulnerability in Super Store Finder v3.6. It includes vulnerability details, affected parameters, and screenshots demonstrating error-based SQL injection and SQLMap exploitation.

Description

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters.

Exploits (1)

nomisec WRITEUP
by redblueteam · poc
https://github.com/redblueteam/CVE-2023-41507

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Super Store Finder v3.6 or below
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to send crafted HTTP POST requests
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 9.8
EPSS 0.0078
EPSS Percentile 51.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-89
Status published
Products (1)
superstorefinder/super_store_finder 3.6
Published Sep 05, 2023
Tracked Since Feb 18, 2026