CVE-2008-5892

ClickAndEmail - SQL Injection via ID Parameter or Admin Credentials

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5892. PoCs published by AlpHaNiX.

AI-analyzed exploit summary: The exploit demonstrates SQL injection, authentication bypass, and XSS vulnerabilities in ClickAndEmail software. It provides direct URLs with payloads to exploit these issues.

Description

Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by AlpHaNiX · text · webapps · asp
https://www.exploit-db.com/exploits/7485

Classification: Working PoC 90%
Attack Type: SQLi | Auth Bypass | XSS
Complexity: Trivial
Reliability: Reliable
Target: ClickAndEmail (version unspecified)
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33155
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32857
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4903
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7485

Scores

EPSS 0.0097
EPSS Percentile 57.4%

Details

CWE: CWE-89
Status: published
Products (1): icash/click&email (version unspecified)
Published: Jan 12, 2009
Tracked Since: Feb 18, 2026