CVE-2008-0290

digitalhive < 2.0_rc2 - SQL Injection via selectskin Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0290. PoCs published by j0j0.

AI-analyzed exploit summary This is a working proof-of-concept for a SQL injection vulnerability in Hive v2.0 RC2. It demonstrates how an attacker can escalate privileges to admin by injecting malicious SQL into the 'selectskin' parameter during account creation.

Description

Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by j0j0 · htmlwebappsphp
https://www.exploit-db.com/exploits/4887

This is a working proof-of-concept for a SQL injection vulnerability in Hive v2.0 RC2. It demonstrates how an attacker can escalate privileges to admin by injecting malicious SQL into the 'selectskin' parameter during account creation.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Hive v2.0 RC2
Auth required
Prerequisites: Access to the Hive v2.0 RC2 registration page · Ability to create a new account
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27232
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39602
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4887

Scores

EPSS 0.0096
EPSS Percentile 56.9%

Details

CWE
CWE-89
Status published
Products (1)
digitalhive/digitalhive < 2.0_rc2
Published Jan 16, 2008
Tracked Since Feb 18, 2026