CVE-2008-2903

Advanced Webhost Billing System 2.3.3-2.7.1 - SQL Injection via News.php Viewnews Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2903. PoCs published by Mr.SQL.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in AWBS versions 2.3.3 to 2.7.1 via the 'viewnews' parameter in news.php. It provides a proof-of-concept SQLi payload to dump usernames and passwords from the users table.

Description

SQL injection vulnerability in news.php in Advanced Webhost Billing System (AWBS) 2.3.3 through 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the viewnews parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Mr.SQL · textwebappsphp
https://www.exploit-db.com/exploits/5823

This is a writeup describing a SQL injection vulnerability in AWBS versions 2.3.3 to 2.7.1 via the 'viewnews' parameter in news.php. It provides a proof-of-concept SQLi payload to dump usernames and passwords from the users table.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: AWBS (2.3.3 - 2.7.1)
No auth needed
Prerequisites: Access to the vulnerable news.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43110
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30646
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/5823
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29721

Scores

EPSS 0.0049
EPSS Percentile 65.5%

Details

CWE
CWE-89
Status published
Products (5)
awbs/advanced_webhost_billing_system 2.3.3
awbs/advanced_webhost_billing_system 2.5
awbs/advanced_webhost_billing_system 2.6.3
awbs/advanced_webhost_billing_system 2.7
awbs/advanced_webhost_billing_system 2.7.1
Published Jun 30, 2008
Tracked Since Feb 18, 2026