CVE-2008-0232

Zero CMS 1.0 Alpha - SQL Injection via id, f, or t Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0232. PoCs published by KiNgOfThEwOrLd.

AI-analyzed exploit summary: The exploit demonstrates a file upload vulnerability in Zero CMS by bypassing the avatar upload extension filter via Content-Type manipulation. It also includes SQL injection examples targeting unfiltered database variables.

Description

Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to index.php, or the (2) f or t parameters to forums/index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by KiNgOfThEwOrLd · text · webapps · php
https://www.exploit-db.com/exploits/4864

Classification: Working PoC 90%
Attack Type: RCE | SQLi
Complexity: Trivial
Reliability: Reliable
Target: Zero CMS <= 1.0 Alpha
Auth required
Prerequisites: Access to user account for avatar upload · Network access to target
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27186
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4864
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39530

Scores

EPSS 0.0097
EPSS Percentile 57.1%

Details

CWE: CWE-89
Status: published
Products (1): zero_cms/zero_cms 1.0_alpha
Published: Jan 11, 2008
Tracked Since: Feb 18, 2026