CVE-2008-1990

Acidcat CMS 3.4.1 - SQL Injection via cID or Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-1990. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Acidcat CMS 3.4.1, including SQL injection for credential theft, authentication bypass, XSS, and unauthorized file upload via FCKEditor. It provides functional PoC code for these issues.

Description

Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5478

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Acidcat CMS 3.4.1, including SQL injection for credential theft, authentication bypass, XSS, and unauthorized file upload via FCKEditor. It provides functional PoC code for these issues.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Acidcat CMS 3.4.1

No auth needed

Prerequisites: Network access to the target web application

MITRE ATT&CK