CVE-2008-6165

CSPartner 0.1 - SQL Injection via Pseudo or Passe Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6165. PoCs published by StAkeR.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in CSPartner 1.0, allowing an attacker to delete all users by manipulating the 'erase' parameter in the admin interface. The exploit automates the process by extracting user IDs and sending deletion requests.

Description

SQL injection vulnerability in gestion.php in CSPartner 0.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) pseudo and (2) passe parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by StAkeR · phpwebappsphp
https://www.exploit-db.com/exploits/6814

This exploit targets a SQL injection vulnerability in CSPartner 1.0, allowing an attacker to delete all users by manipulating the 'erase' parameter in the admin interface. The exploit automates the process by extracting user IDs and sending deletion requests.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: CSPartner 1.0
No auth needed
Prerequisites: Access to the admin interface URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46067
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31886
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32376
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6814

Scores

EPSS 0.0095
EPSS Percentile 56.5%

Details

CWE
CWE-89
Status published
Products (1)
easy-script/cspartner 0.1
Published Feb 19, 2009
Tracked Since Feb 18, 2026