CVE-2008-4717
ZEELYRICS 2.0 - SQL Injection via bannerclick.php adid Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2008-4717. PoCs published by Hussin X.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in ZEELYRICS v2.0 via the 'adid' parameter in bannerclick.php. The payload extracts admin credentials (name and password) using a UNION-based SQL injection technique.
Description
SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows remote attackers to execute arbitrary SQL commands via the adid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Hussin X · textwebappsphp
https://www.exploit-db.com/exploits/6608
This exploit demonstrates a SQL injection vulnerability in ZEELYRICS v2.0 via the 'adid' parameter in bannerclick.php. The payload extracts admin credentials (name and password) using a UNION-based SQL injection technique.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
ZEELYRICS v2.0
No auth needed
Prerequisites:
Access to the vulnerable bannerclick.php endpoint
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (5)
Core 5
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6608
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45508
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4479
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32020
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31449
Scores
EPSS
0.0042
EPSS Percentile
62.2%
Details
CWE
CWE-89
Status
published
Products (1)
zeeways/zeelyrics
2.0
Published
Oct 23, 2008
Tracked Since
Feb 18, 2026