CVE-2008-4241

CJ Ultra Plus 1.0.4 - SQL Injection via SID Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4241. PoCs published by -SmoG-.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in CJ Ultra Plus <= v1.0.4 by manipulating the 'SID' cookie to extract the admin hash from the database. It uses LWP::UserAgent to send a crafted HTTP request and parses the response to retrieve the hash.

Description

SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via an SID cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by -SmoG- · perlwebappsphp
https://www.exploit-db.com/exploits/6536

This Perl script exploits a SQL injection vulnerability in CJ Ultra Plus <= v1.0.4 by manipulating the 'SID' cookie to extract the admin hash from the database. It uses LWP::UserAgent to send a crafted HTTP request and parses the response to retrieve the hash.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: CJ Ultra Plus <= v1.0.4
No auth needed
Prerequisites: Target URL with vulnerable CJ Ultra Plus installation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6536
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31333
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4316
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2651
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45458

Scores

EPSS 0.0104
EPSS Percentile 59.6%

Details

CWE
CWE-89
Status published
Products (2)
cj/ultra_plus
cj/ultra_plus 1.0.3
Published Sep 25, 2008
Tracked Since Feb 18, 2026