CVE-2008-6381
Bcoos < 1.0.13 - SQL Injection
Title source: ruleDescription
SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by CWH Underground · perlwebappsphp
https://www.exploit-db.com/exploits/7317
References (5)
Scores
EPSS
0.0026
EPSS Percentile
49.3%
Details
CWE
CWE-89
Status
published
Products (5)
bcoos/bcoos
1.0.9
bcoos/bcoos
1.0.10
bcoos/bcoos
1.0.11
bcoos/bcoos
1.0.12
bcoos/bcoos
< 1.0.13
Published
Mar 02, 2009
Tracked Since
Feb 18, 2026