CVE-2008-3748

Active PHP Bookmarks <1.2.06 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-3748. PoCs published by Mr.Elgaarh, Hussin X.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in Active PHP Bookmarks v1.3. It provides examples of exploiting the vulnerability to extract admin credentials but does not include functional exploit code.

Description

SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Mr.Elgaarh · textwebappsphp

https://www.exploit-db.com/exploits/10597

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in Active PHP Bookmarks v1.3. It provides examples of exploiting the vulnerability to extract admin credentials but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Active PHP Bookmarks v1.3

No auth needed

Prerequisites: Target running Active PHP Bookmarks v1.3 · Access to the vulnerable endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Hussin X · textwebappsphp

https://www.exploit-db.com/exploits/6277

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Active PHP Bookmarks v1.1.02, allowing an attacker to extract user credentials (username and password) from the database via a crafted UNION-based SQL query.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Active PHP Bookmarks v1.1.02

No auth needed

Prerequisites: Target must be running Active PHP Bookmarks v1.1.02 · The vulnerable endpoint must be accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30757

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/44548

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6277

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31544

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4174

Scores

EPSS 0.0101

EPSS Percentile 58.6%

Details

CWE

CWE-89

Status published

Products (4)

lbstone/active_php_bookmarks 1.1.02

lbstone/active_php_bookmarks 1.2.06

lbstone/apb 1.1.02

lbstone/apb 1.2.06

Published Aug 21, 2008

Tracked Since Feb 18, 2026