CVE-2008-4620

Mrbs < 1.2.6 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Xianur0 · perlwebappsphp

https://www.exploit-db.com/exploits/6781

View Code ZIP pw:eip

References (5)

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2865

[Third Party Advisory] http://securityreason.com/securityalert/4450

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45972

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31809

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6781

Scores

EPSS 0.0042

EPSS Percentile 62.1%

Details

CWE

CWE-89

Status published

Products (17)

mrbs/mrbs 0.5

mrbs/mrbs 0.6

mrbs/mrbs 0.7

mrbs/mrbs 0.8 (7 CPE variants)

mrbs/mrbs 0.9 pre-1 (2 CPE variants)

mrbs/mrbs 0.9.1

mrbs/mrbs 0.9.2

mrbs/mrbs 1.0 (3 CPE variants)

mrbs/mrbs 1.1 (3 CPE variants)

mrbs/mrbs 1.2 (4 CPE variants)

... and 7 more

Published Oct 21, 2008

Tracked Since Feb 18, 2026