Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-2509. PoCs published by Unohope.
AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Excuse Online, with example URLs demonstrating the exploit. It lacks executable code but outlines the attack vector.
Description
SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Unohope · textwebappsasp
https://www.exploit-db.com/exploits/31843
The provided text describes an SQL injection vulnerability in Excuse Online, with example URLs demonstrating the exploit. It lacks executable code but outlines the attack vector.
Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
Excuse Online (version unspecified)
No auth needed
Prerequisites:
Access to the target URL
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://www.chroot.org/exploits/chroot_uu_002
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42643
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29370
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/492580/100/0/threaded
Scores
EPSS
0.0096
EPSS Percentile
56.9%
Details
CWE
CWE-89
Status
published
Products (1)
excuse_online/excuse_online
Published
May 29, 2008
Tracked Since
Feb 18, 2026