CVE-2008-3034

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3034. PoCs published by CWH Underground.

AI-analyzed exploit summary The provided text describes SQL injection and authentication bypass vulnerabilities in RSS-aggregator 1.0, with an example URL demonstrating the SQL injection point. No actual exploit code is included.

Description

Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/32002

View Code ZIP pw:eip

The provided text describes SQL injection and authentication bypass vulnerabilities in RSS-aggregator 1.0, with an example URL demonstrating the SQL injection point. No actual exploit code is included.

Classification

Writeup 80%

Attack Type

Sqli | Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: RSS-aggregator 1.0

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →