CVE-2008-4185

webCMS Portal Edition - SQL Injection via id Parameter in documentos Action

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4185. PoCs published by JosS.

AI-analyzed exploit summary This Perl script exploits a blind SQL injection vulnerability in webCMS Portal Edition by injecting malicious SQL queries into the 'id' parameter of index.php. It uses multi-threading to brute-force character extraction from the database, specifically targeting user credentials.

Description

SQL injection vulnerability in index.php in webCMS Portal Edition allows remote attackers to execute arbitrary SQL commands via the id parameter in a documentos action, a different vector than CVE-2008-3213.

Exploits (1)

exploitdb WORKING POC VERIFIED
by JosS · perlwebappsphp
https://www.exploit-db.com/exploits/6370

This Perl script exploits a blind SQL injection vulnerability in webCMS Portal Edition by injecting malicious SQL queries into the 'id' parameter of index.php. It uses multi-threading to brute-force character extraction from the database, specifically targeting user credentials.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: webCMS Portal Edition (version not specified)
No auth needed
Prerequisites: Target URL with vulnerable 'id' parameter · Pattern in HTML response to confirm vulnerability
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31775
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4314
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31153
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45448
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6370

Scores

EPSS 0.0115
EPSS Percentile 62.7%

Details

CWE
CWE-89
Status published
Products (1)
webcms/webcms_portal_edition
Published Sep 23, 2008
Tracked Since Feb 18, 2026