CVE-2008-2083
published 2008-05-05
CVE-2008-2083: SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL…
Priority P335 · medium · 6.8 CVSS 2.0
AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.12% (62.0th percentile)
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
GHSA
GHSA-qh98-rqfg-qhxq: SQL injection vulnerability in directory
ghsa_unreviewed·2022-05-17·CVSS 6.8
CVE-2008-6115 [MEDIUM] CWE-89 GHSA-qh98-rqfg-qhxq: SQL injection vulnerability in directory
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083.
GHSA
GHSA-2mfx-gf42-jf89: SQL injection vulnerability in directory
ghsa_unreviewed·2022-05-01
CVE-2008-2083 [MEDIUM] CWE-89 GHSA-2mfx-gf42-jf89: SQL injection vulnerability in directory
SQL injection vulnerability in directory.php in Prozilla Hosting Index, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a list action.
No detection rules found.
Exploit-DB
cPanel 11.x - Cross-Site Scripting / Local File Inclusion
exploitdb·2008-10-31
CVE-2008-6927 cPanel 11.x - Cross-Site Scripting / Local File Inclusion
---
Script : Cpanel 11.x
Type : Local File Inclusion & Cross Site Scripting
Risk : High
Discovered by : Khashayar Fereidani
**** I am 17 Years Old ****
My Official Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Hadi Kiamarsi - Sina YazdanMehr
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
Local File Inclusion Vulnerability :
Note : Rename your shell to config.php and upload with your ftp account in ./ directory .... , now login in cpanel and
enter vulnerable address in url ....
https://ServerIp:2083/frontend/x3/fantastico/autoinstall4imagesgalleryupgrade.php?action=GoAhead&scriptpath_show=/home/[youruser]/
https://ServerIp:2083/frontend/x2/fan
Exploit-DB
Prozilla Hosting Index - 'cat_id' SQL Injection
exploitdb·2008-04-28
CVE-2008-2083 Prozilla Hosting Index - 'cat_id' SQL Injection
---
ECHO_ADV_88$2008
[ECHO_ADV_88$2008] Prozilla Hosting Index (directory.php cat_id) Blind Sql Injection Vulnerability
Author : M.Hasran Addahroni
Date : April, 28 th 2007
Location : Jakarta, Indonesia
Web : http://advisories.echo.or.id/adv/adv88-K-159-2008.txt
Critical Lvl : Medium
Impact : System access
Where : From Remote
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Hosting Index
version : unknown
Vendor : http://www.prozilla.com/item.php?item=26
Description :
Vulnerability:
~~~~~~~~~~~~~
Input passed to the "cat_id" parameter in di
No writeups or analysis indexed.
http://advisories.echo.or.id/adv/adv88-K-159-2008.txt
http://secunia.com/advisories/29936
http://securityreason.com/securityalert/3853
http://www.securityfocus.com/archive/1/491395/100/0/threaded
http://www.securityfocus.com/bid/28970
https://exchange.xforce.ibmcloud.com/vulnerabilities/42269
https://www.exploit-db.com/exploits/5516
Published: 2008-05-05