CVE-2008-2184

SMartBlog 1.3 - SQL Injection via mois an jour id or login Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2184.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Smartblog 3.8.6.8, allowing an attacker to extract user credentials via a crafted UNION SELECT query. The PoC includes a clear example of the malicious payload and its execution path.

Description

Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) mois, (2) an, (3) jour, and (4) id parameters to index.php, and the (5) login parameter to gestion/logon.php, different vectors than CVE-2008-2183. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/5535

This exploit demonstrates a SQL injection vulnerability in Smartblog 3.8.6.8, allowing an attacker to extract user credentials via a crafted UNION SELECT query. The PoC includes a clear example of the malicious payload and its execution path.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Smartblog 3.8.6.8
No auth needed
Prerequisites: Target running Smartblog 3.8.6.8 · Access to the vulnerable endpoint
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30057
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42245
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29043
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42190

Scores

EPSS 0.0096
EPSS Percentile 56.8%

Details

CWE
CWE-89
Status published
Products (1)
toocharger/smartblog 1.3
Published May 13, 2008
Tracked Since Feb 18, 2026