CVE-2007-6538

MRBS - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6538. PoCs published by [email protected].

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in MRBS (Meeting Room Booking System) by injecting a UNION SELECT query to retrieve user data from the database. The vulnerability arises from insufficient sanitization of the 'id' parameter in the 'view_entry.php' script.

Description

SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by [email protected] · textwebappsphp

https://www.exploit-db.com/exploits/30921

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in MRBS (Meeting Room Booking System) by injecting a UNION SELECT query to retrieve user data from the database. The vulnerability arises from insufficient sanitization of the 'id' parameter in the 'view_entry.php' script.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MRBS (Meeting Room Booking System) and MRBS module for Moodle

No auth needed

Prerequisites: Access to the vulnerable MRBS or Moodle MRBS module web interface

MITRE ATT&CK