CVE-2008-5816
Published 2009-01-02
CVE-2008-5816: SQL injection vulnerability in repository.php in ILIAS 3.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ref_id parameter.
Priority P344 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.27% · 66.1th percentile
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ilias | ilias | <= 3.7.4 | — |
| ilias | ilias | — | — |
| ilias | ilias | — | — |
| ilias | ilias | — | — |
| ilias | ilias | — | — |
No detection rules found.
Exploit-DB
HP iMC Plat 7.2 - Remote Code Execution (2)
exploitdb·2017-11-29·CVSS 9.8
CVE-2017-5816 [CRITICAL] HP iMC Plat 7.2 - Remote Code Execution (2)
---
#!/opt/local/bin/python2.7
# Exploit Title: HP iMC Plat 7.2 dbman Opcode 10008 Command Injection RCE
# Date: 11-29-2017
# Exploit Author: Chris Lyne (@lynerc)
# Vendor Homepage: www.hpe.com
# Software Link: https://h10145.www1.hpe.com/Downloads/DownloadSoftware.aspx?SoftwareReleaseUId=16759&ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535&SaidNumber=
# Version: iMC PLAT v7.2 (E0403) Standard
# Tested on: Windows Server 2008 R2 Enterprise 64-bit
# CVE : CVE-2017-5816
# See Also: http://www.zerodayinitiative.com/advisories/ZDI-17-340/
# note that this PoC will create a file 'C:\10008.txt'
from pyasn1.type.univ import *
from pyasn1.type.namedtype import *
from pyasn1.codec.ber import encoder
import struct
import binascii
import soc
Exploit-DB
ILIAS 3.7.4 - 'ref_id' Blind SQL Injection
exploitdb·2008-12-24
CVE-2008-5816 ILIAS 3.7.4 - 'ref_id' Blind SQL Injection
---
###############################################################
#
# ILIAS Learning Management 50--
#
###############################################################
# milw0rm.com [2008-12-24]
No writeups or analysis indexed.
http://securityreason.com/securityalert/4858
http://www.securityfocus.com/bid/33006
https://exchange.xforce.ibmcloud.com/vulnerabilities/47615
https://www.exploit-db.com/exploits/7570
Published: 2009-01-02