CVE-2008-5333

NitroTech 0.0.3a - SQL Injection via members.php id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5333. PoCs published by Osirys.

AI-analyzed exploit summary This is a technical writeup detailing two vulnerabilities in Nitrotech CMS 0.0.3a: a remote file inclusion (RFI) due to an uninitialized variable and an SQL injection via unsanitized user input. The writeup includes code snippets and exploit examples.

Description

SQL injection vulnerability in members.php in NitroTech 0.0.3a allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Osirys · textwebappsphp
https://www.exploit-db.com/exploits/7218

This is a technical writeup detailing two vulnerabilities in Nitrotech CMS 0.0.3a: a remote file inclusion (RFI) due to an uninitialized variable and an SQL injection via unsanitized user input. The writeup includes code snippets and exploit examples.

Classification
Writeup 95%
Attack Type
Sqli | Rce
Complexity
Trivial
Reliability
Reliable
Target: Nitrotech CMS 0.0.3a
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7218
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4691
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46822
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32458

Scores

EPSS 0.0101
EPSS Percentile 58.6%

Details

CWE
CWE-89
Status published
Products (1)
nitrotech/nitrotech 0.0.3a
Published Dec 05, 2008
Tracked Since Feb 18, 2026