CVE-2008-3489

PHPX 3.5.16 - SQL Injection via PXL Cookie in checkCookie Function

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3489. PoCs published by gnix.

AI-analyzed exploit summary: The exploit describes a cookie poisoning vulnerability in PHPX 3.5.16, allowing an attacker to bypass authentication by manipulating the PXL cookie to inject SQL code, effectively logging in as any user, including admin.

Description

SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.

Exploits (1)

exploitdb WRITEUP VERIFIED
by gnix · text · webapps · php
https://www.exploit-db.com/exploits/6176

Classification: Writeup 100%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: PHPX 3.5.16
No auth needed
Prerequisites: Access to the target application · Ability to set arbitrary cookies
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44240
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30478
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4112
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6176

Scores

EPSS 0.0041
EPSS Percentile 61.8%

Details

CWE: CWE-89
Status: published
Products (1): phpx/phpx 3.5.16
Published: Aug 06, 2008
Tracked Since: Feb 18, 2026