CVE-2008-2968
Academic Web Tools < 1.4.2.8 - SQL Injection via rating.php book_id Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-2968.
AI-analyzed exploit summary
The exploit demonstrates multiple vulnerabilities in Academic Web Tools CMS, including directory traversal, SQL injection, XSS, and session fixation. It provides functional PoC examples for each vulnerability, such as path traversal via 'dfile' parameter and SQLi via 'book_id'.
Description
SQL injection vulnerability in rating.php in Academic Web Tools (AWT YEKTA) 1.4.3.1, and 1.4.2.8 and earlier, allows remote attackers to execute arbitrary SQL commands via the book_id parameter.