CVE-2008-3152

SmartPPC/Pro - SQL Injection

Title source: llm

Description

SQL injection vulnerability in directory.php in SmartPPC and SmartPPC Pro allows remote attackers to execute arbitrary SQL commands via the idDirectory parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by ka0x · perlwebappsphp

https://www.exploit-db.com/exploits/6019

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Hamtaro · textwebappsphp

https://www.exploit-db.com/exploits/6014

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2013/references

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6019

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6014

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/30111

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/43597

Scores

EPSS 0.0065

EPSS Percentile 70.9%

Details

CWE

CWE-89

Status published

Products (2)

orbitscripts/smartppc

orbitscripts/smartppc_pro

Published Jul 11, 2008

Tracked Since Feb 18, 2026