CVE-2007-4808

TLM CMS 3.2 - SQL Injection via Multiple Parameters


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4808. PoCs published by k1tk4t.

AI-analyzed exploit summary: This exploit demonstrates multiple SQL injection vulnerabilities in TLM CMS v3.2, allowing unauthorized access to user credentials via crafted HTTP requests. The PoC includes specific URLs with injected SQL queries targeting different files within the application.

Description

Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to news.php in a lirenews action, (2) the idnews parameter to goodies.php in a lire action, (3) the id parameter to file.php in a voir action, (4) the ID parameter to affichage.php, (5) the id_sal parameter to mod_forum/afficher.php, or (6) the id_sujet parameter to mod_forum/messages.php. NOTE: it was later reported that goodies.php and affichage.php scripts are reachable through index.php, and 1.1 is also affected. NOTE: it was later reported that the goodies.php vector also affects 3.1.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by k1tk4t · text · webapps · php
https://www.exploit-db.com/exploits/4376

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: TLM CMS v3.2
No auth needed
Prerequisites: Target application must be running TLM CMS v3.2 · Magic quotes must be disabled for some vectors
devstral-2 · analyzed Feb 16, 2026

References (14)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42204
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36536
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26752
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25602
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3137
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37001
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37002
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37005
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4376
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37003
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29049
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37004
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37006

Scores

EPSS: 0.0360
EPSS Percentile: 88.0%

Details

CWE: CWE-89
Status: published
Products (2):
tlm_cms/tlm_cms 1.1
tlm_cms/tlm_cms 3.2
Published: Sep 11, 2007
Tracked Since: Feb 18, 2026