CVE-2008-1934

Crazy Goomba 1.2.1 - SQL Injection via commentaires.php id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1934. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Crazy Goomba 1.2.1, allowing an attacker to extract admin credentials (username, MD5 password, and email) via a crafted UNION-based SQL query. The PoC provides clear steps to exploit the vulnerability and gain administrative access.

Description

SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/5481

This exploit demonstrates a SQL injection vulnerability in Crazy Goomba 1.2.1, allowing an attacker to extract admin credentials (username, MD5 password, and email) via a crafted UNION-based SQL query. The PoC provides clear steps to exploit the vulnerability and gain administrative access.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Crazy Goomba 1.2.1
No auth needed
Prerequisites: Access to the target web application · SQL injection vulnerability in the commentaires.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28880
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1304/references
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42023
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5481

Scores

EPSS 0.0100
EPSS Percentile 58.1%

Details

CWE
CWE-89
Status published
Products (1)
crazy_goomba/crazy_goomba 1.2.1
Published Apr 25, 2008
Tracked Since Feb 18, 2026