CVE-2008-4643
myWebland myStats - SQL Injection via hits.php sortby Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-4643. PoCs published by JosS.
AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in myStats (hits.php): IP block bypass via HTTP header manipulation (X-Forwarded-For) and SQL injection via the 'sortby' parameter. Both are validated with proof-of-concept Perl scripts.
Description
SQL injection vulnerability in hits.php in myWebland myStats allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by JosS · textwebappsphp
https://www.exploit-db.com/exploits/6759
The exploit demonstrates two vulnerabilities in myStats (hits.php): IP block bypass via HTTP header manipulation (X-Forwarded-For) and SQL injection via the 'sortby' parameter. Both are validated with proof-of-concept Perl scripts.
Classification
Working Poc 95%
Attack Type
Sqli | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
myStats (hits.php) by mywebland.com
No auth needed
Prerequisites:
Target application accessible via HTTP · Perl environment with LWP::UserAgent and HTTP::Request modules
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4455
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6759
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32289
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31772
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45917
Scores
EPSS
0.0100
EPSS Percentile
58.3%
Details
CWE
CWE-89
Status
published
Products (1)
mywebland/mystats
Published
Oct 22, 2008
Tracked Since
Feb 18, 2026