CVE-2009-4883
Published 2010-06-11
Priority: P3 42
Severity: high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.5th percentile)
SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| todd_rogers | phprecipebook | — | — |
| todd_rogers | phprecipebook | — | — |
No detection rules found.
Exploit-DB
PHPRecipeBook 2.39 - 'course_id' SQL Injection
exploitdb·2009-03-31
---
//////////////////////////////////////////////////////////////////////
////////////////////////////1923TURK - GRUP///////////////////////////
//////////////////////////////////////////////////////////////////////
[!] Script : PHPRecipeBook
[!] Version : 2.39
[!] Download : http://sourceforge.net/projects/phprecipebook/
[-] Bugs : Remote SQL injection Exploit
[-] Dork : inurl:"/index.php?m=" "PHPRecipeBook 2.39"
[-] Date : 31-03-09(19:33)
[+] Author : DarKdewiL
[+] GroupWeb : www.1923turk.biz
[-] Contact : [email protected]
[!] Note : Always use the time you have to finish your work.
Never leave it to the last minute.
Once time goes away, it never comes back
//////////////////////////////////////////////////////////////////////
[-
Exploit-DB
PHPRecipeBook 2.24 - 'base_id' SQL Injection
exploitdb·2009-03-09
---
[+] PHPRecipeBook 2.24 (_id) Remote SQL Injection Vulnerability
[-]
[+] Discovered By d3b4g
[+] script: http://phprecipebook.sourceforge.net/demo/phprecipebook/
[+] Greetz : str0ke | Inerd | & friends
[-] Follow me on twitter www.twitter.com/schaba
About:
------>
PHPRecipeBook is a Web-based cookbook with the
ability to create shopping lists from recipes selected.
The lists can be saved and later reloaded and edited.
The shopping list also attempts to combine similar items
so that duplication does not occur.
/* start
0x1
Proof of concept
Exploit:http:localhost.com[path]index.php?m=recipes&a=search&search=yes&base_id=5+union+all+select+1,2,concat(0x3a,@@version),4,5,6,7+from+security_users--
Demo:1 http://phprecipebook.sourceforge.ne
No writeups or analysis indexed.
http://secunia.com/advisories/34221
http://www.exploit-db.com/exploits/8182
http://www.securityfocus.com/bid/34052
https://exchange.xforce.ibmcloud.com/vulnerabilities/49145
Published: 2010-06-11