CVE-2008-5956

PHPSTREET Webboard 1.0 - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-5956. PoCs published by CWH Underground.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in Wbstreet v1.0 via the 'id' parameter in show.php. It includes a crafted URL to extract user credentials from the MySQL database.

Description

Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request to connect.inc.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/7337

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in Wbstreet v1.0 via the 'id' parameter in show.php. It includes a crafted URL to extract user credentials from the MySQL database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Wbstreet v1.0

No auth needed

Prerequisites: Access to the vulnerable show.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7337

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32994

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47074

Scores

EPSS 0.0314

EPSS Percentile 86.2%

Details

CWE

CWE-264

Status published

Products (1)

phpstreet/webboard 1.0

Published Jan 23, 2009

Tracked Since Feb 18, 2026