CVE-2008-4178

Downline Goldmine Builder and Addons - SQL Injection via id Parameter

Exploitation Summary

EIP tracks 4 public exploits for CVE-2008-4178. PoCs published by Hussin X.

AI-analyzed exploit summary: This is a SQL injection exploit targeting the 'tr.php' script in the 'paidversion' software. It uses a UNION-based SQLi to extract database information including user, version, and database name.

Description

SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

Exploits (4)

exploitdb · WORKING POC · VERIFIED
by Hussin X · text · webapps · php
https://www.exploit-db.com/exploits/6950

This is a SQL injection exploit targeting the 'tr.php' script in the 'paidversion' software. It uses a UNION-based SQLi to extract database information including user, version, and database name.

Classification
Working Poc 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: paidversion (specific version not specified)
No auth needed
Prerequisites: Target application with vulnerable 'tr.php' script · Exposed 'id' parameter in URL
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Hussin X · text · webapps · php
https://www.exploit-db.com/exploits/6951

This exploit demonstrates a SQL injection vulnerability in the 'tr.php' script of the New Downline Builder software. The PoC uses a UNION-based SQLi to extract database information, including user, version, and database name.

Classification
Working Poc 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: New Downline Builder (version unspecified)
No auth needed
Prerequisites: Target application with vulnerable 'tr.php' script · Exposed 'id' parameter in URL
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Hussin X · text · webapps · php
https://www.exploit-db.com/exploits/6947

This exploit demonstrates a SQL injection vulnerability in the 'tr.php' script of the Category Addon software. The PoC uses a UNION-based SQLi to extract database information including user, version, and database name.

Classification
Working Poc 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: Category Addon (specific version not specified)
No auth needed
Prerequisites: Target application with vulnerable 'tr.php' script · Access to the 'tr.php' endpoint with an 'id' parameter
devstral-2 · analyzed Feb 16, 2026

exploitdb · WORKING POC · VERIFIED
by Hussin X · text · webapps · php
https://www.exploit-db.com/exploits/6946

This exploit demonstrates a SQL injection vulnerability in Downline Goldmine Builder via the 'id' parameter in tr.php. The payload uses a UNION-based attack to extract database information including user, version, and database name.

Classification
Working Poc 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Reliable
Target: Downline Goldmine Builder (version unspecified)
No auth needed
Prerequisites: Target application with vulnerable tr.php endpoint · Database with accessible tables matching the UNION SELECT structure
devstral-2 · analyzed Feb 16, 2026

References (14)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6947
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2993
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2992
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45128
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31169
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6950
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6951
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2995
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6946
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31812
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2994

Scores

EPSS 0.0338
EPSS Percentile 87.2%

Details

CWE: CWE-89
Status: published
Products (5)
downline_goldmine/builder
downline_goldmine/builder special_category_addon
downline_goldmine/builder unknown unknown
downline_goldmine/new_addon
downline_goldmine/new_addon pro
Published Sep 23, 2008
Tracked Since Feb 18, 2026