CVE-2008-4082
Published: 2008-09-15
Priority: P426 | medium | CVSS 2.0: 4.6
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 0.84% (53.2th percentile)
SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via an arbitrary field in a search action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| brim-project | brim | — | — |
No detection rules found.
Exploit-DB
Brim < 2.0.0 - SQL Injection
exploitdb·2012-02-22·CVSS 4.6
CVE-2008-4082 [MEDIUM] Brim < 2.0.0 - SQL Injection
---
BRIM < 2.0.0 SQL Injection
Exploit information
- Exploit Title: BRIM < 2.0.0 SQL Injection
- Google Dork: "Brim project" intitle:"Brim - login"
- Date: 2012-02-20
- Author: ifnull
- Tested on: Apache/2.2.3, PHP/5.1.6, MySQL 5.0.45 - although it should
work on any environment. Example uses MySQL 5 query escape but can easily
be ported to prior versions of MySQL.
- Description: Unlike CVE-2008-4082, this will work with or without
magic_quotes_gpc enabled. Like the last exploit however, you must first
create an account and enable "tasks". By default anyone can create an
account and the accounts are automatically approved.
Software information
- Version: < 2.0.0
- Link: http://sourceforge.net/projects/brim/
- Description: BRIM is a MVC framework, written in
Exploit-DB
Brim 2.0.0 - SQL Injection / Cross-Site Scripting
exploitdb·2008-08-30
CVE-2008-4083 Brim 2.0.0 - SQL Injection / Cross-Site Scripting
---
> Found by : Fisher762
> C0ntact : [email protected]
> Groups : InjEctOr5
> script : Brim 2.0
> Demo site : http://sourceforge.net/project/showfiles.php?group_id=129562
> D0rk : :)
> Exploit :
[SQL]
First register new acc0unt :
http:/
No writeups or analysis indexed.
- http://secunia.com/advisories/31661
- http://securityreason.com/securityalert/4251
- http://www.securityfocus.com/bid/30944
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44789
- https://www.exploit-db.com/exploits/6332