CVE-2008-6274

FamilyProject 2.0 - SQL Injection via Login or Password Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6274. PoCs published by The_5p3ctrum.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in FamilyProject 2.0. It provides a demo exploit URL and credentials to bypass authentication.

Description

Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by The_5p3ctrum · textwebappsphp

https://www.exploit-db.com/exploits/7248

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in FamilyProject 2.0. It provides a demo exploit URL and credentials to bypass authentication.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: FamilyProject 2.0

No auth needed

Prerequisites: access to the login page of the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46929

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32900

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32501

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/50314

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7248

Scores

EPSS 0.0098

EPSS Percentile 57.8%

Details

CWE

CWE-89

Status published

Products (1)

mjcreation/familyproject 2.0

Published Feb 25, 2009

Tracked Since Feb 18, 2026