CVE-2008-4332

Cannot Php Infoboard - SQL Injection

Title source: rule

Description

SQL injection vulnerability in the showjavatopic function in func.php in PHP infoBoard V.7 Plus allows remote attackers to execute arbitrary SQL commands via the idcat parameter to showtopic.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/6566

View Code ZIP pw:eip

References (4)

[Exploit] http://www.securityfocus.com/bid/31405

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45440

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6566

[Third Party Advisory] http://secunia.com/advisories/31977

Scores

EPSS 0.0029

EPSS Percentile 51.9%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

cannot/php_infoboard

Timeline

Published Sep 30, 2008

Tracked Since Feb 18, 2026