CVE-2008-0943

Aeries Student Information System 3.7.2.2 - SQL Injection via FC Parameter or Term Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2008-0943. PoCs published by Arsalan Emamjomehkashan.

AI-analyzed exploit summary The provided text describes SQL injection and HTML injection vulnerabilities in Aeries Student Information System but does not include functional exploit code. It references a generic example URL without payload details.

Description

Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Arsalan Emamjomehkashan · textwebappsphp
https://www.exploit-db.com/exploits/31277

The provided text describes SQL injection and HTML injection vulnerabilities in Aeries Student Information System but does not include functional exploit code. It references a generic example URL without payload details.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Aeries Student Information System 3.8.2.8, 3.7.2.2
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Arsalan Emamjomehkashan · textwebappsasp
https://www.exploit-db.com/exploits/31276

The provided text describes SQL injection and HTML injection vulnerabilities in Aeries Student Information System. It includes a sample URL demonstrating the SQL injection but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Aeries Student Information System 3.8.2.8 and 3.7.2.2
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Arsalan Emamjomehkashan · textwebappsasp
https://www.exploit-db.com/exploits/31275

The provided text describes SQL injection and HTML injection vulnerabilities in Aeries Student Information System but does not include functional exploit code. It references a URL parameter vulnerable to SQLi without a payload or demonstration.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Aeries Student Information System 3.8.2.8, 3.7.2.2
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/488428/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29053
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/27924
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3696
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/40757

Scores

EPSS 0.0101
EPSS Percentile 58.8%

Details

CWE
CWE-89
Status published
Products (2)
aeries/aeries_student_information_system 3.7.2.2
aeries/aeries_student_information_system 3.8.2.8
Published Feb 25, 2008
Tracked Since Feb 18, 2026