CVE-2008-4073

Zanfi Autodealers CMS AutOnline - SQL Injection via pageid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4073. PoCs published by r45c4l.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Zanfi CMS lite / Autodealers CMS AutOnline. The PoC injects a UNION-based SQL query to extract database version, name, and user information.

Description

SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action.

Exploits (2)

exploitdb WORKING POC VERIFIED
by r45c4l · textwebappsphp
https://www.exploit-db.com/exploits/6426

This exploit demonstrates a SQL injection vulnerability in Zanfi CMS lite / Autodealers CMS AutOnline. The PoC injects a UNION-based SQL query to extract database version, name, and user information.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Zanfi CMS lite / Autodealers CMS AutOnline
No auth needed
Prerequisites: Target application must be running Zanfi CMS lite / Autodealers CMS AutOnline · The vulnerable endpoint must be accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/6433

This exploit demonstrates a SQL injection vulnerability in Autodealers CMS AutOnline by injecting a crafted SQL query via the 'id' parameter. The payload extracts database information, version, and user details through a UNION-based attack.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Autodealers CMS AutOnline
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45049
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4248
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31120
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2551
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6426

Scores

EPSS 0.0105
EPSS Percentile 59.6%

Details

CWE
CWE-89
Status published
Products (1)
zanfi_solutions/autodealers_cms_autonline
Published Sep 15, 2008
Tracked Since Feb 18, 2026