CVE-2008-2535
Phoenix View CMS Pre Alpha2 and earlier - SQL Injection via del Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-2535. PoCs published by tw8.
AI-analyzed exploit summary The document details multiple vulnerabilities in Phoenix View CMS <= Pre Alpha2, including Local File Inclusion (LFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). It provides vulnerable code snippets, proof-of-concept URLs, and affected files, demonstrating a technical understanding of the vulnerabilities.
Description
Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/.
Exploits (1)
The document details multiple vulnerabilities in Phoenix View CMS <= Pre Alpha2, including Local File Inclusion (LFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). It provides vulnerable code snippets, proof-of-concept URLs, and affected files, demonstrating a technical understanding of the vulnerabilities.