CVE-2008-3212

Scripteen Free Image Hosting Script 1.2.1 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3212. PoCs published by RMx.

AI-analyzed exploit summary This PHP script exploits an information disclosure vulnerability in Scripteen Free Image Hosting Script V1.2 by sending a crafted HTTP request with a specific cookie to retrieve admin credentials from the settings.php page.

Description

Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting Script 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/login.php, or the (3) uname or (4) pass parameter to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by RMx · phpwebappsphp
https://www.exploit-db.com/exploits/6070

This PHP script exploits an information disclosure vulnerability in Scripteen Free Image Hosting Script V1.2 by sending a crafted HTTP request with a specific cookie to retrieve admin credentials from the settings.php page.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Scripteen Free Image Hosting Script V1.2
No auth needed
Prerequisites: Target must be running Scripteen Free Image Hosting Script V1.2 · Target must be accessible via HTTP
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30216
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31083
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43772

Scores

EPSS 0.0095
EPSS Percentile 56.6%

Details

CWE
CWE-89
Status published
Products (1)
scripteen/free_image_hosting_script 1.2.1
Published Jul 18, 2008
Tracked Since Feb 18, 2026