CVE-2008-5775

Aperto Blog 0.1.1 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5775. PoCs published by NoGe.

AI-analyzed exploit summary The code describes Local File Inclusion (LFI) and SQL Injection vulnerabilities in Aperto Blog 0.1.1. It highlights vulnerable parameters in admin.php, index.php, and categories.php but does not include functional exploit code.

Description

SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by NoGe · textwebappsphp
https://www.exploit-db.com/exploits/7482

The code describes Local File Inclusion (LFI) and SQL Injection vulnerabilities in Aperto Blog 0.1.1. It highlights vulnerable parameters in admin.php, index.php, and categories.php but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Aperto Blog 0.1.1
No auth needed
Prerequisites: Access to vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7482
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4844
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47346
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32853

Scores

EPSS 0.0097
EPSS Percentile 57.0%

Details

CWE
CWE-89
Status published
Products (1)
apertoblog/apertoblog 0.1.1
Published Dec 30, 2008
Tracked Since Feb 18, 2026