CVE-2008-5287
published 2008-12-01CVE-2008-5287: SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id…
PriorityP343high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.15%
62.9th percentile
SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ Manager 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| scripts4you | faq_manager | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FAQ Manager 1.2 - 'categorie.php' SQL Injection
exploitdb·2008-11-25
CVE-2008-5287 FAQ Manager 1.2 - 'categorie.php' SQL Injection
FAQ Manager 1.2 - 'categorie.php' SQL Injection
---
+---------------------------------------------------------------------------------------+
| |
| FAQ Manager 1.2 (categorie.php cat_id) Remote SQL Injection Vulnerability |
| Bug found by cOndemned |
| |
| Script site : http://www.4yoursite.nl/script_faq_manager.php |
| |
| Greetz: ZaBeaTy, str0ke, doctor, Necro, 0in, TBH, Av... |
| |
+---------------------------------------------------------------------------------------+
# source of categorie.php
[ ... ]
21. $catid = $_GET['cat_id'];
[ ... ]
72. $faq_query = mysql_query("SELECT * FROM `".$prefix."_faq` WHERE `faq_cat_id` = $catid");
73. while($faq = mysql_fetch_assoc($faq_query))
74. {
75. $faq_cat_id = ($faq['faq_cat_id']);
76. }
77.
78. $result = mysql_query("SELECT * FRO
Exploit-DB
Microsoft Excel - Code Execution (MS08-014)
exploitdb·2008-03-21
CVE-2008-0117 Microsoft Excel - Code Execution (MS08-014)
Microsoft Excel - Code Execution (MS08-014)
---
Microsoft Office Excel Code Execution Exploit (MS08-014)
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/5287.rar (2008-zha0_ms08_014.rar)
# milw0rm.com [2008-03-21]
No writeups or analysis indexed.
http://osvdb.org/50185http://secunia.com/advisories/32868http://securityreason.com/securityalert/4664http://www.securityfocus.com/bid/32466https://exchange.xforce.ibmcloud.com/vulnerabilities/46833https://www.exploit-db.com/exploits/7224http://osvdb.org/50185http://secunia.com/advisories/32868http://securityreason.com/securityalert/4664http://www.securityfocus.com/bid/32466https://exchange.xforce.ibmcloud.com/vulnerabilities/46833https://www.exploit-db.com/exploits/7224
2008-12-01
Published