CVE-2008-1895

Carbon Communities <2.4 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1895. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple SQL injection and XSS vulnerabilities in Carbon Communities forum software version 2.4 and prior. It includes functional PoC code for SQLi in events.asp, getpassword.asp, and option_Update.asp, as well as XSS in login.asp and member_send.asp.

Description

Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsasp

https://www.exploit-db.com/exploits/5456

View Code ZIP pw:eip

The exploit demonstrates multiple SQL injection and XSS vulnerabilities in Carbon Communities forum software version 2.4 and prior. It includes functional PoC code for SQLi in events.asp, getpassword.asp, and option_Update.asp, as well as XSS in login.asp and member_send.asp.

Classification

Working Poc 95%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Carbon Communities forum 2.4 and prior

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK