CVE-2008-0507

AdServe 0.2 - SQL Injection via id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0507. PoCs published by enter_the_dragon.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in the WordPress Adserve plugin v0.2. It injects a malicious SQL query via the 'id' parameter in adclick.php to retrieve administrator credentials from the wp_users table.

Description

SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by enter_the_dragon · phpwebappsphp
https://www.exploit-db.com/exploits/5013

This exploit targets a SQL injection vulnerability in the WordPress Adserve plugin v0.2. It injects a malicious SQL query via the 'id' parameter in adclick.php to retrieve administrator credentials from the wp_users table.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WordPress Adserve plugin v0.2
No auth needed
Prerequisites: Target must have WordPress Adserve plugin v0.2 installed · Target must be accessible via HTTP
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40045
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27504
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0364
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/28708
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5013

Scores

EPSS 0.0274
EPSS Percentile 84.2%

Details

CWE
CWE-89
Status published
Products (1)
wordpress/adserve 0.2
Published Jan 31, 2008
Tracked Since Feb 18, 2026