CVE-2008-1918

PHP-Fusion <6.01.14, <6.00.307 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1918. PoCs published by StAkeR, The:Paradox.

AI-analyzed exploit summary: This exploit targets a blind SQL injection vulnerability in PHP-Fusion <= 7.00.2 by leveraging time-based techniques to extract user password hashes. It requires authentication and specific server configurations (magic_quotes_gpc off, register_globals on).

Description

SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.

Exploits (2)

exploitdb WORKING POC VERIFIED
by StAkeR · perl · webapps · php
https://www.exploit-db.com/exploits/7576

This exploit targets a blind SQL injection vulnerability in PHP-Fusion <= 7.00.2 by leveraging time-based techniques to extract user password hashes. It requires authentication and specific server configurations (magic_quotes_gpc off, register_globals on).

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: PHP-Fusion <= 7.00.2
Auth required
Prerequisites: Authentication credentials · magic_quotes_gpc off · register_globals on
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by The:Paradox · python · webapps · php
https://www.exploit-db.com/exploits/5470

This exploit targets a blind SQL injection vulnerability in PHP-Fusion 6.00.307 by manipulating the serialized array in the submit.php page. It uses the benchmark method to extract user password hashes via timing-based SQL injection.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: PHP-Fusion 6.00.307
Auth required
Prerequisites: magic_quotes_gpc = 0 · valid user credentials · target user ID
devstral-2 · analyzed Feb 16, 2026

References (10)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33295
Patch, Vendor Advisory x_refsource_confirm
http://www.php-fusion.co.uk/news.php
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41914
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5470
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1318/references
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7576
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/29930
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28855
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/51052
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47610

Scores

EPSS 0.0149
EPSS Percentile 70.6%

Details

CWE: CWE-89
Status: published
Products (2)
php-fusion/php-fusion 6.00.307
php-fusion/php-fusion 6.01.14
Published: Apr 23, 2008
Tracked Since: Feb 18, 2026