CVE-2008-2190

Online Rent Property Script <= 5.0 - SQL Injection via pid Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2190. PoCs published by UnderTaker HaCkEr, K-159.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in OnlineRent v5.0 via the 'pid' parameter in the 'index.php' script. The provided URL-encoded payload extracts admin credentials from the database.

Description

SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.

Exploits (2)

exploitdb WORKING POC VERIFIED
by UnderTaker HaCkEr · text · webapps · php
https://www.exploit-db.com/exploits/8711

This exploit demonstrates a SQL injection vulnerability in OnlineRent v5.0 via the 'pid' parameter in the 'index.php' script. The provided URL-encoded payload extracts admin credentials from the database.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: OnlineRent v5.0
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by K-159 · text · webapps · php
https://www.exploit-db.com/exploits/5542

This exploit demonstrates a blind SQL injection vulnerability in Online Rental Property Script <= 4.5 via the 'pid' parameter. It allows remote attackers to extract admin credentials (username and MD5 password hash) when magic_quotes is disabled.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Online Rental Property Script <= 4.5
No auth needed
Prerequisites: magic_quotes disabled in PHP configuration
devstral-2 · analyzed Feb 16, 2026

References (12)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/8711
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30090
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29052
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35147
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42191
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1366
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491816/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35005
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5542
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/491607/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3875

Scores

EPSS 0.0217
EPSS Percentile 79.9%

Details

CWE CWE-89
Status published
Products (4)
romedchim_international_srl/online_rent_property_script 4.2
romedchim_international_srl/online_rent_property_script 4.3
romedchim_international_srl/online_rent_property_script 4.4
romedchim_international_srl/online_rent_property_script < 4.5
Published May 14, 2008
Tracked Since Feb 18, 2026