CVE-2008-3756

YourFreeWorld Viral Marketing Script - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3756. PoCs published by Hussin X.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Viral Marketing software by injecting a UNION-based query to extract admin credentials from the 'adminsettings' table. The payload concatenates username and password fields with colons for easy extraction.

Description

SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Hussin X · textwebappsphp
https://www.exploit-db.com/exploits/6941

This exploit demonstrates a SQL injection vulnerability in Viral Marketing software by injecting a UNION-based query to extract admin credentials from the 'adminsettings' table. The payload concatenates username and password fields with colons for easy extraction.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Viral Marketing (2008 version)
No auth needed
Prerequisites: Access to the vulnerable 'tr.php' endpoint with an 'id' parameter
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44562
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/30764
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6941
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31541
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2984

Scores

EPSS 0.0115
EPSS Percentile 62.5%

Details

CWE
CWE-89
Status published
Products (1)
yourfreeworld/viral_marketing_script
Published Aug 21, 2008
Tracked Since Feb 18, 2026