CVE-2008-5088

Knowledgebase-script Phpkb Knowledge Base Software - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in PHPKB Knowledge Base Software 1.5 Professional allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) email.php and (2) question.php, a different vector than CVE-2008-1909.

Exploits (2)

exploitdb WORKING POC VERIFIED

by d3v1l · textwebappsphp

https://www.exploit-db.com/exploits/6510

View Code ZIP pw:eip

exploitdb WORKING POC

by R3d-D3V!L · textwebappsphp

https://www.exploit-db.com/exploits/12561

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4599

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/31279

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6510

Scores

EPSS 0.0045

EPSS Percentile 63.8%

Details

CWE

CWE-89

Status published

Products (1)

knowledgebase-script/phpkb_knowledge_base_software 1.5 _nil_

Published Nov 14, 2008

Tracked Since Feb 18, 2026