SQL Injection Vulnerability in UCenter Home 2.0 by UCenter
CVE-2010-4912

Currently unrated

Key Information:

Vendor

Discuz

Status
Ucenter Home
Vendor
CVE Published:
8 October 2011

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2010-4912?

A SQL injection vulnerability exists in the shop.php file of UCenter Home 2.0. This flaw allows remote attackers to manipulate SQL queries executed on the server by injecting arbitrary SQL code through the 'shopid' parameter. Successful exploitation could lead to unauthorized access to sensitive database information, posing significant risks to the security and integrity of the application. It is essential for users of UCenter Home 2.0 to apply security updates and implement input validation measures to mitigate potential exploits.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2010-4912 - Proof of Concept

CVE-2010-4912 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/61783
vdb-entryx_refsource_XF
http://www.exploit-db.com/exploits/14997
exploitx_refsource_EXPLOIT-DB
http://packetstormsecurity.org/1009-exploits/ucenter-sql.txt
x_refsource_MISC

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.