CVE-2008-5487

TurnkeyForms Text Link Sales - Cross-Site Scripting via admin.php id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5487. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates SQL injection and XSS vulnerabilities in TurnkeyForms Text Link Sales software. The SQLi allows retrieval of database information, while the XSS can execute arbitrary JavaScript in the admin interface.

Description

Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to inject arbitrary web script or HTML via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ZoRLu · textwebappsphp
https://www.exploit-db.com/exploits/7124

This exploit demonstrates SQL injection and XSS vulnerabilities in TurnkeyForms Text Link Sales software. The SQLi allows retrieval of database information, while the XSS can execute arbitrary JavaScript in the admin interface.

Classification
Working Poc 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: TurnkeyForms Text Link Sales (version unspecified)
No auth needed
Prerequisites: Access to the admin.php endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46632
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32732
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32308
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7124
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4719

Scores

EPSS 0.0157
EPSS Percentile 72.1%

Details

CWE
CWE-79
Status published
Products (1)
turnkeyforms/text_link_sales
Published Dec 12, 2008
Tracked Since Feb 18, 2026