CVE-2008-5841

iGaming <1.5 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Sweet · textwebappsphp

https://www.exploit-db.com/exploits/14820

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by StAkeR · perlwebappsphp

https://www.exploit-db.com/exploits/6540

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45366

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6540

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31340

[Third Party Advisory] http://securityreason.com/securityalert/4867

Scores

EPSS 0.0052

EPSS Percentile 67.0%

Details

CWE

CWE-89

Status published

Products (3)

igamingcms/igaming_cms 1.3.1

igamingcms/igaming_cms 1.4.2

igamingcms/igaming_cms < 1.5

Published Jan 05, 2009

Tracked Since Feb 18, 2026