CVE-2008-4205

Attachmax Dolphin - SQL Injection via Category Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4205. PoCs published by K-159.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Attachmax Dolphin <= 2.1.0, including Remote File Inclusion (RFI), information disclosure, and Blind SQL Injection. It provides proof-of-concept URLs and technical descriptions but does not include functional exploit code.

Description

SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by K-159 · textwebappsphp

https://www.exploit-db.com/exploits/6468

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Attachmax Dolphin <= 2.1.0, including Remote File Inclusion (RFI), information disclosure, and Blind SQL Injection. It provides proof-of-concept URLs and technical descriptions but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Rfi | Sqli | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Attachmax Dolphin <= 2.1.0

No auth needed

Prerequisites: register_globals enabled for RFI · access to vulnerable endpoints

MITRE ATT&CK