CVE-2008-2394

TAGWORX.CMS 3.00.02 - SQL Injection via cid or nid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2394. PoCs published by dun.

AI-analyzed exploit summary The exploit demonstrates a remote SQL injection vulnerability in TAGWORX.CMS via the 'cid' and 'nid' parameters in contact.php and news.php, respectively. It uses UNION-based SQLi to extract user credentials from the 't_user' table.

Description

Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter to contact.php and the (2) nid parameter to news.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by dun · textwebappsphp
https://www.exploit-db.com/exploits/5642

The exploit demonstrates a remote SQL injection vulnerability in TAGWORX.CMS via the 'cid' and 'nid' parameters in contact.php and news.php, respectively. It uses UNION-based SQLi to extract user credentials from the 't_user' table.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: TAGWORX.CMS
No auth needed
Prerequisites: Access to the vulnerable contact.php or news.php endpoints
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30149
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1561/references
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5642
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42512

Scores

EPSS 0.0104
EPSS Percentile 59.5%

Details

CWE
CWE-89
Status published
Products (1)
tagworx/tagworx_cms 3.00.02
Published May 21, 2008
Tracked Since Feb 18, 2026