CVE-2008-4378

Hot Links SQL-PHP < 3.0 - SQL Injection via Report ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4378. PoCs published by ThE g0bL!N, sl4xUz.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in MRCGIGUY Hot Links SQL (PHP) via the 'id' parameter in report.php. The PoC uses a UNION-based SQLi to extract database version, name, and user information.

Description

SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links SQL-PHP 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by ThE g0bL!N · textwebappsphp

https://www.exploit-db.com/exploits/8918

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in MRCGIGUY Hot Links SQL (PHP) via the 'id' parameter in report.php. The PoC uses a UNION-based SQLi to extract database version, name, and user information.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: MRCGIGUY Hot Links SQL (PHP)

No auth needed

Prerequisites: Access to the report.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by sl4xUz · textwebappsphp

https://www.exploit-db.com/exploits/6403

View Code ZIP pw:eip

The code describes SQL injection and XSS vulnerabilities in Hot Links SQL-PHP 3's report.php via the 'id' parameter. It provides PoC URLs but no executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Hot Links SQL-PHP 3 and prior versions

No auth needed

Prerequisites: Access to the vulnerable report.php endpoint

MITRE ATT&CK