CVE-2008-2907

WebChamado 1.1 - SQL Injection via eml Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2907. PoCs published by CWH Underground.

AI-analyzed exploit summary This exploit leverages an SQL injection vulnerability in WebChamado 1.1 to bypass authentication and add an arbitrary user with administrative privileges. It uses Perl with LWP to automate the attack, requiring magic_quotes_gpc to be off.

Description

SQL injection vulnerability in admin/index.php in WebChamado 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the eml parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · perlwebappsphp

https://www.exploit-db.com/exploits/5798

View Code ZIP pw:eip

This exploit leverages an SQL injection vulnerability in WebChamado 1.1 to bypass authentication and add an arbitrary user with administrative privileges. It uses Perl with LWP to automate the attack, requiring magic_quotes_gpc to be off.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WebChamado 1.1

No auth needed

Prerequisites: magic_quotes_gpc = off · target URL · user email

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30690

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29701

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43060

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5798

Scores

EPSS 0.0091

EPSS Percentile 55.3%

Details

CWE

CWE-89

Status published

Products (1)

webchamado/webchamado 1.1

Published Jun 30, 2008

Tracked Since Feb 18, 2026