CVE-2008-2535

Phoenix View CMS Pre Alpha2 and earlier - SQL Injection via del Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2535. PoCs published by tw8.

AI-analyzed exploit summary The document details multiple vulnerabilities in Phoenix View CMS <= Pre Alpha2, including Local File Inclusion (LFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). It provides vulnerable code snippets, proof-of-concept URLs, and affected files, demonstrating a technical understanding of the vulnerabilities.

Description

Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/.

Exploits (1)

exploitdb WRITEUP VERIFIED
by tw8 · textwebappsphp
https://www.exploit-db.com/exploits/5578

The document details multiple vulnerabilities in Phoenix View CMS <= Pre Alpha2, including Local File Inclusion (LFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). It provides vulnerable code snippets, proof-of-concept URLs, and affected files, demonstrating a technical understanding of the vulnerabilities.

Classification
Writeup 90%
Attack Type
Sqli | Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Phoenix View CMS <= Pre Alpha2
No auth needed
Prerequisites: Access to the admin interface or vulnerable endpoints
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5578
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42316

Scores

EPSS 0.0093
EPSS Percentile 56.2%

Details

CWE
CWE-89
Status published
Products (1)
fkrauthan/phoenix_view_cms 2-pre-alpha
Published Jun 03, 2008
Tracked Since Feb 18, 2026