CVE-2008-5191
published 2008-11-21


Priority: P3 55
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 17.58% (96.8th percentile)
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.

Affected

1 range
Vendor | Product | Version range | Fixed in
seportal | seportal | |

Detection & IOCs (extracted from sources)

url: poll.php?poll_id=1'+union+select+1,convert(concat_ws(0x3a3a,user_name,user_password)+using+latin1),1,1,1,1,1,1,1,1+from+seportal_users+limit+1,1/*
url: http://demo.seportal.org/poll.php?poll_id=1'+union+select+1,convert(concat_ws(0x3a3a,user_name,user_password)+using+latin1),1,1,1,1,1,1,1,1+from+seportal_users+limit+1,1/*
url: http://localhost/seportal2.5/staticpages.php?sp_id=1%27%20%20and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29--%20-
path: /admin/downloads.php
path: /data/down_media/
path: staticpages.php
path: print.php?mode=staticpage&client=printer&sp_id=(inject here)
  • Detect SQL injection attempts against poll.php via the poll_id parameter — look for UNION SELECT payloads with convert/concat_ws functions targeting seportal_users table.
  • Detect error-based SQL injection against staticpages.php via the sp_id parameter — look for extractvalue(rand(),concat(...)) or CONCAT/MID/IFNULL/CAST patterns in the sp_id query string.
  • Monitor for POST requests to /admin/downloads.php with multipart/form-data containing a PHP file upload (action=savefile), which is the RCE step following session hijack via SQLi.
  • Monitor GET requests to /data/down_media/*.php — uploaded PHP payloads are stored and executed from this path after exploitation.
  • The Metasploit module uses a non-admin login to steal the admin session cookie (sessionid) via SQL injection on staticpages.php, then replays it to /admin/downloads.php — alert on session cookie reuse from different IPs.
  • Use the Google dork 'Powered by SePortal 2.5' to identify exposed vulnerable installations for asset inventory and attack surface reduction.
  • The SQLi vulnerability in staticpages.php exists because sp_id is interpolated directly into the SQL query without sanitization — the vulnerable sink is the WHERE clause: WHERE sp_id = '".$sp_id."'
  • The Metasploit module targets SePortal 2.5 specifically; the original CVE-2008-5191 was disclosed against version 2.4 — both versions share the same vulnerable parameters (poll_id and sp_id).
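
The detection notes above, applied to web server access logs. This is an added example, not code from this page or from any SePortal or Metasploit source. The log lines are constructed, the rule names are hypothetical, and correlating by client IP is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed combined-log lines for illustration; IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.4 - - [21/Nov/2008:10:00:01 +0000] "GET /poll.php?poll_id=3 HTTP/1.1" 200 1480
192.0.2.10 - - [21/Nov/2008:10:00:05 +0000] "GET /poll.php?poll_id=1'+union+select+1,2+from+seportal_users/* HTTP/1.1" 200 512
203.0.113.7 - - [21/Nov/2008:10:01:00 +0000] "GET /staticpages.php?sp_id=1%27+and+extractvalue%28rand%28%29,concat%280x7e,version%28%29%29%29--+- HTTP/1.1" 200 733
203.0.113.7 - - [21/Nov/2008:10:01:30 +0000] "POST /admin/downloads.php HTTP/1.1" 200 901
203.0.113.7 - - [21/Nov/2008:10:01:40 +0000] "GET /data/down_media/a1b2.php HTTP/1.1" 200 12
198.51.100.4 - - [21/Nov/2008:10:02:00 +0000] "GET /data/down_media/manual.pdf HTTP/1.1" 200 88211
""".splitlines()

REQ = re.compile(r'^(\S+) .*?"(GET|POST) (\S+) HTTP/[\d.]+"')
UNION = re.compile(r"union\s+(all\s+)?select", re.I)
ERR_BASED = re.compile(r"\b(extractvalue|concat|mid|ifnull|cast)\s*\(", re.I)
SQLI = {"poll_id-union-select", "sp_id-error-based"}
FOLLOW_UP = {"admin-downloads-post", "down_media-php-request"}

def classify(line):
    """Return (client_ip, [rule names]) for one access-log line."""
    m = REQ.match(line)
    if not m:
        return None, []
    ip, method, target = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    # parse_qs percent-decodes and maps '+' to space, so encoded payloads match too.
    q = {k: " ".join(v) for k, v in parse_qs(url.query).items()}
    hits = []
    if path.endswith("/poll.php") and UNION.search(q.get("poll_id", "")):
        hits.append("poll_id-union-select")
    if path.endswith(("/staticpages.php", "/print.php")) and ERR_BASED.search(q.get("sp_id", "")):
        hits.append("sp_id-error-based")
    if method == "POST" and path.endswith("/admin/downloads.php"):
        hits.append("admin-downloads-post")  # body (action=savefile) is not in access logs
    if method == "GET" and re.search(r"/data/down_media/[^/]+\.php$", path):
        hits.append("down_media-php-request")
    return ip, hits

def scan(lines):
    """Group hits per client IP; list IPs that show SQLi and a follow-up step."""
    by_ip = {}
    for line in lines:
        ip, hits = classify(line)
        if hits:
            by_ip.setdefault(ip, set()).update(hits)
    chained = sorted(ip for ip, h in by_ip.items() if h & SQLI and h & FOLLOW_UP)
    return by_ip, chained
```

`scan(SAMPLE_LOG)` returns the per-IP rule hits and the IPs that combine an injection hit with the upload or execution step; the session-cookie reuse check from the notes needs cookie logging and is not covered here.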