CVE-2008-5489

ClipShare Pro <2008 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5489. PoCs published by Esac, snakespc.

AI-analyzed exploit summary The exploit demonstrates multiple blind SQL injection vulnerabilities in ClipShare 4.1.4 by manipulating input parameters (e.g., gid, chid, UID) in various PHP files. The PoC uses boolean-based conditions (AND 1=1/AND 1=2) to confirm vulnerability via differential page responses.

Description

SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, and 2006 through 2007, allows remote attackers to execute arbitrary SQL commands via the chid parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Esac · textwebappsphp
https://www.exploit-db.com/exploits/24894

The exploit demonstrates multiple blind SQL injection vulnerabilities in ClipShare 4.1.4 by manipulating input parameters (e.g., gid, chid, UID) in various PHP files. The PoC uses boolean-based conditions (AND 1=1/AND 1=2) to confirm vulnerability via differential page responses.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: ClipShare - Video Sharing Community Script 4.1.4
No auth needed
Prerequisites: MAGIC_QUOTES_GPC must be disabled on the server · Target must have vulnerable ClipShare version installed
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by snakespc · textwebappsphp
https://www.exploit-db.com/exploits/7128

This exploit demonstrates a SQL injection vulnerability in clipShare's channel_detail.php, allowing an attacker to extract user credentials (username and password) from the signup table via a UNION-based attack.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: clipShare (version not specified)
No auth needed
Prerequisites: Access to the vulnerable clipShare instance · channel_detail.php endpoint exposed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32723
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/3170
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32311
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46629
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7128
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4713

Scores

EPSS 0.0115
EPSS Percentile 62.8%

Details

CWE
CWE-89
Status published
Products (1)
clip-share/clipshare 4
Published Dec 12, 2008
Tracked Since Feb 18, 2026