CVE-2008-0355
published 2008-01-18CVE-2008-0355: SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL…
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.3th percentile
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpecho_cms | phpecho_cms | <= 2.0-rc3 | — |
| phpecho_cms | phpecho_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-x3gg-ffv7-p97q: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-2402 [HIGH] CWE-89 GHSA-x3gg-ffv7-p97q: SQL injection vulnerability in index
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different vector than CVE-2008-0355.
GHSA
GHSA-258q-rqhh-c2ph: SQL injection vulnerability in index
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-0355 [HIGH] CWE-89 GHSA-258q-rqhh-c2ph: SQL injection vulnerability in index
SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.
No detection rules found.
No writeups or analysis indexed.
2008-01-18
Published