CVE-2008-1732

Prediction Football <1.x - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1732. PoCs published by 0in.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Prediction Football v1.x, allowing an attacker to extract admin credentials via a crafted URL. The PoC uses a UNION-based SQLi to retrieve the username and password from the 'pluserdata' table.

Description

SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by 0in · textwebappsphp
https://www.exploit-db.com/exploits/5410

This exploit demonstrates a SQL injection vulnerability in Prediction Football v1.x, allowing an attacker to extract admin credentials via a crafted URL. The PoC uses a UNION-based SQLi to retrieve the username and password from the 'pluserdata' table.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Prediction Football v1.x
No auth needed
Prerequisites: Target must be running Prediction Football v1.x · The 'showpredictionsformatch.php' endpoint must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1160/references
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5410
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41728
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28704

Scores

EPSS 0.0097
EPSS Percentile 57.1%

Details

CWE
CWE-89
Status published
Products (1)
predictionfootball/predictionfootball 1
Published Apr 11, 2008
Tracked Since Feb 18, 2026