CVE-2008-5927

FlexPHPNews 0.0.6 - SQL Injection via User Check Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5927. PoCs published by Osirys.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in FlexPHPNews PRO 0.0.6, allowing authentication bypass by injecting a malformed SQL query into the login form. The vulnerability exists in the usercheck.php file due to improper input sanitization.

Description

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the (1) checkuser parameter (aka username field) or (2) checkpass parameter (aka password field) to admin/index.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Osirys · textwebappsphp
https://www.exploit-db.com/exploits/7443

This exploit demonstrates an SQL injection vulnerability in FlexPHPNews PRO 0.0.6, allowing authentication bypass by injecting a malformed SQL query into the login form. The vulnerability exists in the usercheck.php file due to improper input sanitization.

Classification
Working Poc 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: FlexPHPNews PRO 0.0.6 and FlexPHPNews 0.0.6
No auth needed
Prerequisites: Access to the admin login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7443
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33114
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4927
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32810

Scores

EPSS 0.0111
EPSS Percentile 61.6%

Details

CWE
CWE-89
Status published
Products (1)
china-on-site/flexphpnews 0.0.6 (2 CPE variants)
Published Jan 21, 2009
Tracked Since Feb 18, 2026