CVE-2008-6262

SaturnCMS - SQL Injection via Translate Function URL Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6262.

AI-analyzed exploit summary The exploit demonstrates a blind SQL injection vulnerability in SaturnCMS's 'view' parameter, allowing unauthorized data extraction. It also includes an authentication bypass technique using SQL injection in the login form.

Description

SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS allows remote attackers to execute arbitrary SQL commands via the URL to the translate function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/7147

View Code ZIP pw:eip

The exploit demonstrates a blind SQL injection vulnerability in SaturnCMS's 'view' parameter, allowing unauthorized data extraction. It also includes an authentication bypass technique using SQL injection in the login form.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: SaturnCMS

No auth needed

Prerequisites: Access to the vulnerable SaturnCMS application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46651

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32726

Scores

EPSS 0.0091

EPSS Percentile 55.0%

Details

CWE

CWE-89

Status published

Products (1)

infireal/saturncms

Published Feb 24, 2009

Tracked Since Feb 18, 2026