CVE-2008-0291

RichStrong CMS - SQL Injection via showproduct.asp cat Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0291. PoCs published by JosS.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in RichStrong CMS via the 'cat' parameter in 'showproduct.asp'. It updates all columns in the 'subject' table with a user-provided message, demonstrating arbitrary SQL command execution.

Description

SQL injection vulnerability in showproduct.asp in RichStrong CMS allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by JosS · perlwebappsasp
https://www.exploit-db.com/exploits/4910

This Perl script exploits a SQL injection vulnerability in RichStrong CMS via the 'cat' parameter in 'showproduct.asp'. It updates all columns in the 'subject' table with a user-provided message, demonstrating arbitrary SQL command execution.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: RichStrong CMS
No auth needed
Prerequisites: Target running RichStrong CMS with vulnerable 'showproduct.asp' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27281
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39668
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4910
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/486402/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28449
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27310

Scores

EPSS 0.0115
EPSS Percentile 62.5%

Details

CWE
CWE-89
Status published
Products (1)
hangzhou_rui-qiang/richstrong_cms
Published Jan 16, 2008
Tracked Since Feb 18, 2026