CVE-2008-4172

Cars & Vehicle Script - SQL Injection via lnkid Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4172. PoCs published by Hussin X.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in the Cars & Vehicle script by injecting a UNION-based query to extract database information such as user, version, and database name. The attack leverages improper sanitization of the 'lnkid' parameter in the URL.

Description

SQL injection vulnerability in page.php in Cars & Vehicle (aka Cars-Vehicle Script) allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Hussin X · text · webapps · php
https://www.exploit-db.com/exploits/32388

Classification: Working PoC (90%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Cars & Vehicle script (version unspecified)
Authentication: No auth needed
Prerequisites: Access to the vulnerable web application · Knowledge of the vulnerable parameter ('lnkid')
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45210
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31214

Scores

EPSS 0.0097
EPSS Percentile 57.1%

Details

CWE: CWE-89
Status: published
Products (1): rfaah/cars-vehicles_script
Published: Sep 22, 2008
Tracked Since: Feb 18, 2026