CVE-2008-4241

CJ Ultra Plus - SQL Injection

Title source: rule

Description

SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by -SmoG- · perlwebappsphp
https://www.exploit-db.com/exploits/6536

References (5)

Scores

EPSS 0.0042
EPSS Percentile 62.1%

Details

CWE
CWE-89
Status published
Products (2)
cj/ultra_plus
cj/ultra_plus 1.0.3
Published Sep 25, 2008
Tracked Since Feb 18, 2026