CVE-2008-6333

Matthew General Rss Simple News - SQL Injection

Title source: rule

Description

SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Piker · perlwebappsphp

https://www.exploit-db.com/exploits/7541

View Code ZIP pw:eip

References (2)

[Exploit] http://www.securityfocus.com/bid/32962

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7541

Scores

EPSS 0.0036

EPSS Percentile 58.3%

Details

CWE

CWE-89

Status published

Products (1)

matthew_general/rss_simple_news

Published Feb 27, 2009

Tracked Since Feb 18, 2026