CVE-2008-1968

Cezanne 7 - Authenticated SQL Injection via FUNID Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-1968. PoCs published by Juan de la Fuente Costa.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Cezanne Software by injecting a time-based delay payload into the 'FUNID' parameter. The payload uses 'waitfor delay' to confirm the vulnerability, which can be further exploited to access or modify data.

Description

Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Juan de la Fuente Costa · text · webapps · asp
https://www.exploit-db.com/exploits/31648

This exploit demonstrates a SQL injection vulnerability in Cezanne Software by injecting a time-based delay payload into the 'FUNID' parameter. The payload uses 'waitfor delay' to confirm the vulnerability, which can be further exploited to access or modify data.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Cezanne Software 7
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Juan de la Fuente Costa · text · webapps · asp
https://www.exploit-db.com/exploits/31649

This exploit demonstrates a SQL injection vulnerability in Cezanne Software by injecting a time-based delay payload. The payload uses the 'waitfor delay' technique to confirm the vulnerability.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Cezanne Software 7
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (5)

Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3830
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/41816
Various Sources x_refsource_misc
http://www.s21sec.com/avisos/s21sec-43-en.txt
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/490843/100/0/threaded
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/28773

Scores

EPSS 0.0083
EPSS Percentile 52.9%

Details

CWE: CWE-89
Status: published
Products (1): cezannesw/cezanne 7
Published: Apr 27, 2008
Tracked Since: Feb 18, 2026