CVE-2023-4708

MEDIUM

Clcknshop 1.0.0 - SQL Injection via GET Parameter Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-4708. PoCs published by CraCkEr.

AI-analyzed exploit summary: This is a writeup describing a time-based blind SQL injection vulnerability in Clcknshop 1.0.0 via the 'tag' GET parameter. It includes a payload example but lacks executable exploit code.

Description

A vulnerability was found in Infosoftbd Clcknshop 1.0.0. It has been rated as critical. This issue affects some unknown processing of the file /collection/all of the component GET Parameter Handler. The manipulation of the argument tag leads to SQL injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-238571. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Exploits (1)

exploitdb WRITEUP
by CraCkEr · text · webapps · php
https://www.exploit-db.com/exploits/51729

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Clcknshop 1.0.0
No auth needed
Prerequisites: Access to the vulnerable endpoint /collection/all
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.238571
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.238571

Scores

CVSS v3 6.3
EPSS 0.0320
EPSS Percentile 87.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
infosoftbd/clcknshop 1.0.0
Published Sep 01, 2023
Tracked Since Feb 18, 2026