Description
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by xcorpitx · textwebappsphp
https://www.exploit-db.com/exploits/5223
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/28159
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/5223
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29297
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41066
Scores
EPSS
0.0057
EPSS Percentile
68.8%
Details
CWE
CWE-89
Status
published
Products (1)
bmscripts/bm_classifieds
< 20080309
Published
Mar 10, 2008
Tracked Since
Feb 18, 2026