CVE-2008-5751

AlstraSoft Web Email Script Enterprise - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-5751. PoCs published by Salvatore Fresta, Bgh7.

AI-analyzed exploit summary The document describes multiple vulnerabilities in AlstraSoft E-Friends 4.96, including arbitrary file upload, local file inclusion, and SQL injection. It provides technical details and example URLs for exploitation but does not include functional exploit code.

Description

SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/15335

View Code ZIP pw:eip

The document describes multiple vulnerabilities in AlstraSoft E-Friends 4.96, including arbitrary file upload, local file inclusion, and SQL injection. It provides technical details and example URLs for exploitation but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Theoretical

Target: AlstraSoft E-Friends 4.96

No auth needed

Prerequisites: register_globals = On (for LFI) · magic_quotes_gpc = Off (for SQLi) · valid group identification value (for file upload)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Bgh7 · textwebappsphp

https://www.exploit-db.com/exploits/7596

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in AlstraSoft Web Email Script Enterprise. The PoC uses a crafted URL to extract admin credentials via a UNION-based SQL injection attack.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: AlstraSoft Web Email Script Enterprise

No auth needed

Prerequisites: Target application must be running AlstraSoft Web Email Script Enterprise · SQL injection vulnerability must be present in the 'id' parameter

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4824

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33033

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7596

Scores

EPSS 0.0097

EPSS Percentile 57.4%

Details

CWE

CWE-89

Status published

Products (1)

alstrasoft/web_email_script_enterprise _nil_

Published Dec 30, 2008

Tracked Since Feb 18, 2026