CVE-2008-5952

KTP Computer Customer Database - Authenticated SQL Injection via tid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5952. PoCs published by CWH Underground.

AI-analyzed exploit summary The exploit demonstrates a blind SQL injection vulnerability in KTPCCD CMS by manipulating the 'tid' parameter in a URL. It includes proof-of-concept payloads to verify the vulnerability by checking the MySQL version.

Description

SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a vtech action to the default URI.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/7305

View Code ZIP pw:eip

The exploit demonstrates a blind SQL injection vulnerability in KTPCCD CMS by manipulating the 'tid' parameter in a URL. It includes proof-of-concept payloads to verify the vulnerability by checking the MySQL version.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: KTP Computer Customer Database CMS version 1

Auth required

Prerequisites: Magic_quotes must be off · User must be logged in or registered

MITRE ATT&CK