CVE-2008-1909

PHPKB <2.0 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by parad0x · textwebappsphp

https://www.exploit-db.com/exploits/5428

View Code ZIP pw:eip

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/12561

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/29791

[Exploit] http://www.securityfocus.com/bid/28739

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5428

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/41769

Scores

EPSS 0.0058

EPSS Percentile 69.0%

Details

CWE

CWE-89

Status published

Products (2)

chadha_software_technologies/phpkb_knowledge_base 1.5

chadha_software_technologies/phpkb_knowledge_base 2.0

Published Apr 22, 2008

Tracked Since Feb 18, 2026