CVE-2008-1315

ZClassifieds - SQL Injection via Cat Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1315. PoCs published by Lovebug.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the zClassifieds module for PHP-Nuke. The vulnerability allows an attacker to extract sensitive information, such as admin passwords, by manipulating the 'cat' parameter in the URL.

Description

SQL injection vulnerability in the ZClassifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the cat parameter to modules.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Lovebug · textwebappsphp

https://www.exploit-db.com/exploits/31384

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in the zClassifieds module for PHP-Nuke. The vulnerability allows an attacker to extract sensitive information, such as admin passwords, by manipulating the 'cat' parameter in the URL.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP-Nuke zClassifieds module

No auth needed

Prerequisites: Access to the target URL with the zClassifieds module installed

MITRE ATT&CK