CVE-2008-1122

Koobi Pro 5.7 - SQL Injection via Downloads Module categ Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1122. PoCs published by JosS, Cr@zy_King.

AI-analyzed exploit summary This exploit demonstrates multiple SQL injection vulnerabilities in Koobi CMS versions 4.3.0, 4.2.5, and 4.2.4. It provides specific URLs and payloads to extract admin credentials from the database.

Description

SQL injection vulnerability in the downloads module in Koobi Pro 5.7 allows remote attackers to execute arbitrary SQL commands via the categ parameter to index.php. NOTE: it was later reported that this also affects Koobi CMS 4.2.4, 4.2.5, and 4.3.0.

Exploits (2)

exploitdb WORKING POC VERIFIED

by JosS · textwebappsphp

https://www.exploit-db.com/exploits/5447

View Code ZIP pw:eip

This exploit demonstrates multiple SQL injection vulnerabilities in Koobi CMS versions 4.3.0, 4.2.5, and 4.2.4. It provides specific URLs and payloads to extract admin credentials from the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Koobi CMS 4.3.0, 4.2.5, 4.2.4

No auth needed

Prerequisites: Target running vulnerable Koobi CMS version · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Cr@zy_King · textwebappsphp

https://www.exploit-db.com/exploits/5198

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in Koobi Pro 5.7. It provides the vulnerable parameter and a sample SQL injection payload but does not include executable exploit code.

Classification

Writeup 90%