CVE-2008-0270

TaskFreak! < 0.6.1 - Authenticated SQL Injection via sContext Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0270. PoCs published by TheDefaced.

AI-analyzed exploit summary This is a technical writeup detailing a remote SQL injection vulnerability in TaskFreak! version 0.6.1. It includes the vulnerable code snippet, exploit URL, and prerequisites like disabled magic_quotes_gpc.

Description

SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the sContext parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by TheDefaced · textwebappsphp
https://www.exploit-db.com/exploits/4899

This is a technical writeup detailing a remote SQL injection vulnerability in TaskFreak! version 0.6.1. It includes the vulnerable code snippet, exploit URL, and prerequisites like disabled magic_quotes_gpc.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: TaskFreak! <= 0.6.1
Auth required
Prerequisites: Valid login credentials · magic_quotes_gpc set to Off in PHP configuration
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39645
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4899
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28448
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27257

Scores

EPSS 0.0039
EPSS Percentile 60.4%

Details

CWE
CWE-89
Status published
Products (1)
taskfreak/taskfreak < 0.6.1
Published Jan 15, 2008
Tracked Since Feb 18, 2026