CVE-2008-3762

Turnkey PHP Live Helper <2.0.1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/6261

View Code ZIP pw:eip

References (7)

[Vendor Advisory] http://secunia.com/advisories/31521

[Exploit] http://www.gulftech.org/?node=research&article_id=00124-08162008

[Exploit] http://www.securityfocus.com/bid/30729

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/495542/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6261

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/44568

[Third Party Advisory] http://securityreason.com/securityalert/4178

Scores

EPSS 0.0103

EPSS Percentile 77.0%

Classification

CWE

CWE-89

Status draft

Affected Products (8)

turnkeywebtools/php_live_helper < 2.0.1

turnkeywebtools/php_live_helper

turnkeywebtools/php_live_helper

turnkeywebtools/php_live_helper

turnkeywebtools/php_live_helper

turnkeywebtools/php_live_helper

turnkeywebtools/php_live_helper

turnkeywebtools/php_live_helper

Timeline

Published Aug 21, 2008

Tracked Since Feb 18, 2026