CVE-2008-2862

eLineStudio Site Composer < 2.6 - SQL Injection via id or template_id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2862. PoCs published by BugReport.IR.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in eLineStudio Site Composer (ESC) <=2.6, including SQL injection, XSS, and arbitrary folder deletion/creation. It provides functional proof-of-concept URLs for each vulnerability.

Description

Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.

Exploits (1)

exploitdb WORKING POC VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/5859

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in eLineStudio Site Composer (ESC) <=2.6, including SQL injection, XSS, and arbitrary folder deletion/creation. It provides functional proof-of-concept URLs for each vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli | Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: eLineStudio Site Composer (ESC) <=2.6

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK