CVE-2008-4159

Jaw Portal and Zanfi CMS Lite - SQL Injection via Page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4159. PoCs published by Cru3l.b0y.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Zanfi CMS lite / Jaw Portal free by injecting a crafted SQL query via the 'page' parameter in the URL. The payload retrieves database version and user information.

Description

SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Cru3l.b0y · textwebappsphp
https://www.exploit-db.com/exploits/6423

The exploit demonstrates a SQL injection vulnerability in Zanfi CMS lite / Jaw Portal free by injecting a crafted SQL query via the 'page' parameter in the URL. The payload retrieves database version and user information.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Zanfi CMS lite / Jaw Portal free
No auth needed
Prerequisites: Access to the target web application
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45029
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31116
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6423
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4283

Scores

EPSS 0.0101
EPSS Percentile 59.0%

Details

CWE
CWE-89
Status published
Products (2)
zanfi_solutions/jaw_portal
zanfi_solutions/zanfi_cms_lite
Published Sep 22, 2008
Tracked Since Feb 18, 2026