CVE-2008-4364
ParsaGostar ParsaWeb CMS - SQL Injection via id or txtSearch Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-4364. PoCs published by BugReport.IR.
AI-analyzed exploit summary This is a writeup detailing SQL injection vulnerabilities in ParsaWeb CMS, specifically in the 'id' and 'txtSearch' parameters. It provides exploit URLs but does not include executable code.
Description
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by BugReport.IR · textwebappsasp
https://www.exploit-db.com/exploits/6610
This is a writeup detailing SQL injection vulnerabilities in ParsaWeb CMS, specifically in the 'id' and 'txtSearch' parameters. It provides exploit URLs but does not include executable code.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
ParsaWeb CMS
No auth needed
Prerequisites:
Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31450
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4343
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/496799/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45494
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6610
Exploit x_refsource_misc
http://www.bugreport.ir/index_53.htm
Scores
EPSS
0.0115
EPSS Percentile
62.5%
Details
CWE
CWE-89
Status
published
Products (1)
parsagostar/parsaweb_cms
Published
Sep 30, 2008
Tracked Since
Feb 18, 2026