CVE-2008-4736

RPG.Board <= 0.8 Beta2 - SQL Injection via showtopic Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4736. PoCs published by 0x90.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in RPG.Board <= 0.0.8Beta2. It allows an attacker to extract user credentials (username and password) from the database by manipulating the 'showtopic' parameter in the URL.

Description

SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by 0x90 · textwebappsphp
https://www.exploit-db.com/exploits/6589

This exploit demonstrates a SQL injection vulnerability in RPG.Board <= 0.0.8Beta2. It allows an attacker to extract user credentials (username and password) from the database by manipulating the 'showtopic' parameter in the URL.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: RPG.Board <= 0.0.8Beta2
Auth required
Prerequisites: Valid user account on the target RPG.Board instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4483
Exploit mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=122244414700901&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45444
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31417
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6589

Scores

EPSS 0.0100
EPSS Percentile 58.2%

Details

CWE
CWE-89
Status published
Products (3)
aves/rpg_board 0.0.8 beta_2
aves/rpg_board 0.8 beta_1
aves/rpg_board < 0.8
Published Oct 24, 2008
Tracked Since Feb 18, 2026