CVE-2008-4757

php-daily - SQL Injection via id or prev Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-4757. PoCs published by 0xFFFFFF.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in PHPdaily, including SQL injection, XSS, and local file download vulnerabilities. It provides specific exploit paths and parameters but does not include functional exploit code.

Description

Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d) prest_detail.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by 0xFFFFFF · textwebappsphp
https://www.exploit-db.com/exploits/6833

This is a technical writeup detailing multiple vulnerabilities in PHPdaily, including SQL injection, XSS, and local file download vulnerabilities. It provides specific exploit paths and parameters but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHPdaily (version N/A)
Auth required
Prerequisites: User authentication · Access to vulnerable endpoints
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31915
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46125
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6833

Scores

EPSS 0.0100
EPSS Percentile 58.3%

Details

CWE
CWE-89
Status published
Products (1)
php-daily/php-daily
Published Oct 28, 2008
Tracked Since Feb 18, 2026