CVE-2008-0267

eTicket 1.5.5.2 - Authenticated SQL Injection via search.php and admin.php Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-0267. PoCs published by L4teral.

AI-analyzed exploit summary: The provided text describes multiple input-validation vulnerabilities in eTicket 1.5.5.2, including SQL injection, XSS, and authentication bypass. It includes a sample URL demonstrating a potential SQL injection attack but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by L4teral · text · webapps · php
https://www.exploit-db.com/exploits/30996

The provided text describes multiple input-validation vulnerabilities in eTicket 1.5.5.2, including SQL injection, XSS, and authentication bypass. It includes a sample URL demonstrating a potential SQL injection attack but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
SQLi | XSS | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: eTicket 1.5.5.2
No auth needed
Prerequisites: Access to the vulnerable eTicket application
devstral-2 · analyzed Feb 16, 2026
exploitdb WRITEUP VERIFIED
by L4teral · text · webapps · php
https://www.exploit-db.com/exploits/30997

The provided text describes multiple input-validation vulnerabilities in eTicket 1.5.5.2, including SQL injection, XSS, and authentication bypass. It includes a sample URL demonstrating a potential SQL injection vector but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
SQLi | XSS | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: eTicket 1.5.5.2
No auth needed
Prerequisites: Access to the target application URL
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39487
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/485835/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39489
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28331
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27173
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3542

Scores

EPSS 0.0115
EPSS Percentile 62.8%

Details

CWE
CWE-89
Status published
Products (1)
eticket/eticket 1.5.5.2
Published Jan 15, 2008
Tracked Since Feb 18, 2026