CVE-2008-0734

Limbo CMS < 1.0.4.2 - SQL Injection via cuid Cookie Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0734. PoCs published by The:Paradox.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Limbo CMS 1.0.4.2 by manipulating the 'cuid' cookie to extract user password hashes using the benchmark method.

Description

SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the cuid cookie parameter to admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by The:Paradox · pythonwebappsphp

https://www.exploit-db.com/exploits/5088

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in Limbo CMS 1.0.4.2 by manipulating the 'cuid' cookie to extract user password hashes using the benchmark method.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Limbo CMS 1.0.4.2 and lower

No auth needed

Prerequisites: Target must be running Limbo CMS 1.0.4.2 or lower · SQL database must be used (not flat file)

MITRE ATT&CK

T1505 - Server Software Component T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5088

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/27710

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/40415

Scores

EPSS 0.0104

EPSS Percentile 59.6%

Details

CWE

CWE-89

Status published

Products (1)

limbo_cms/limbo_cms < 1.0.4.2

Published Feb 13, 2008

Tracked Since Feb 18, 2026