CVE-2008-1496

PEEL <3.x - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Charles Fol · phpwebappsphp

https://www.exploit-db.com/exploits/5281

View Code ZIP pw:eip

References (6)

[Exploit] http://realn.free.fr/releases/70207

[Vendor Advisory] http://secunia.com/advisories/29466

[Exploit] http://www.securityfocus.com/bid/28346

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41341

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41353

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5281

Scores

EPSS 0.0128

EPSS Percentile 79.7%

Details

CWE

CWE-89

Status published

Products (3)

peel/peel 1.0b

peel/peel 2.6

peel/peel 2.7

Published Mar 25, 2008

Tracked Since Feb 18, 2026