CVE-2008-4157
Published 2008-09-22
Priority P3 · 46 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 5.65% (92.0th percentile)
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vastal | phpvid | — | — |
| vastal | phpvid | — | — |
| vastal | phpvid | — | — |
GHSA
GHSA-69w9-hp3v-54xq: Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2013-5311 [HIGH] CWE-89 GHSA-69w9-hp3v-54xq: Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
GHSA
GHSA-4wvm-346h-cg2w: SQL injection vulnerability in groups
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-2563 [HIGH] CWE-89 GHSA-4wvm-346h-cg2w: SQL injection vulnerability in groups
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157.
GHSA
GHSA-r5cc-g84x-qhg2: SQL injection vulnerability in groups
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2008-4157 [HIGH] CWE-89 GHSA-r5cc-g84x-qhg2: SQL injection vulnerability in groups
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
No detection rules found.
Exploit-DB
PHPVID 1.2.3 - Multiple Vulnerabilities
exploitdb·2013-08-12
CVE-2013-5312 PHPVID 1.2.3 - Multiple Vulnerabilities
---
PhpVID Script, Multiple Vulnerabilities
Product Page: http://www.vastal.com/phpvid-the-video-sharing-software.html
Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - GraySecure.Org
On Social: Twitter.Com/eyyamgudeer
Exploit-DB
PHPVID 1.1 - Cross-Site Scripting / SQL Injection
exploitdb·2008-09-10
CVE-2008-4157 PHPVID 1.1 - Cross-Site Scripting / SQL Injection
---
# Author: r45c4l
#
# Home : www.darkc0de.com
#
# Email : r45c4l@
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/48018
http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html
http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Mar/58
http://secunia.com/advisories/31761
http://securityreason.com/securityalert/4291
http://tetraph.com/security/sql-injection-vulnerability/vastal-i-tech-phpvid-1-2-3-sql-injection-security-vulnerabilities/
http://www.exploit-db.com/exploits/27519
http://www.securityfocus.com/bid/31108
http://www.vupen.com/english/advisories/2008/2552
https://exchange.xforce.ibmcloud.com/vulnerabilities/45028
https://www.exploit-db.com/exploits/6422