Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-3563. PoCs published by GulfTech Security.
AI-analyzed exploit summary: This is a detailed writeup describing SQL injection and arbitrary file disclosure vulnerabilities in Plogger <= 3.0. It includes proof-of-concept URLs and explanations of how the vulnerabilities can be exploited to gain admin credentials or execute arbitrary code.
Description
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.