CVE-2008-3762

Turnkey PHP Live Helper <2.0.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3762. PoCs published by GulfTech Security.

AI-analyzed exploit summary The writeup details multiple vulnerabilities in PHP Live Helper <= 2.0.1, including SQL injection, arbitrary variable overwriting, and remote code execution via register globals emulation flaws. It provides technical analysis and proof-of-concept examples for each vulnerability.

Description

SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6261

View Code ZIP pw:eip

The writeup details multiple vulnerabilities in PHP Live Helper <= 2.0.1, including SQL injection, arbitrary variable overwriting, and remote code execution via register globals emulation flaws. It provides technical analysis and proof-of-concept examples for each vulnerability.

Classification

Writeup 100%

Attack Type

Sqli | Rce | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PHP Live Helper <= 2.0.1

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK