CVE-2008-6509

Openfire < 3.6.0a - SQL Injection via SIP Plugin CallLogDAO Type Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6509. PoCs published by Andreas Kurtz.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Openfire Server <= 3.6.0a, including authentication bypass, SQL injection, and XSS. It provides technical descriptions and proof-of-concept examples for each vulnerability.

Description

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Andreas Kurtz · textwebappsjsp

https://www.exploit-db.com/exploits/7075

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Openfire Server <= 3.6.0a, including authentication bypass, SQL injection, and XSS. It provides technical descriptions and proof-of-concept examples for each vulnerability.

Classification

Writeup 100%

Attack Type

Auth Bypass | Sqli | Xss

Complexity

Moderate

Reliability

Reliable

Target: Openfire Server <= 3.6.0a

No auth needed

Prerequisites: Access to the Openfire admin interface · SIP plugin installation for SQLi exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10

Core References

Issue Tracking x_refsource_confirm

http://www.igniterealtime.org/issues/browse/JM-1488

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7075

Various Sources x_refsource_misc

http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/46487

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/32478

Exploit x_refsource_misc

http://www.andreas-kurtz.de/archives/63

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/32189

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/498162/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/51912

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/3061

Scores

EPSS 0.0201

EPSS Percentile 78.4%

Details

CWE

CWE-89

Status published

Products (25)

igniterealtime/openfire 2.6.0

igniterealtime/openfire 2.6.1

igniterealtime/openfire 2.6.2

igniterealtime/openfire 3.0.0

igniterealtime/openfire 3.0.1

igniterealtime/openfire 3.1.0

igniterealtime/openfire 3.1.1

igniterealtime/openfire 3.2.0

igniterealtime/openfire 3.2.1

igniterealtime/openfire 3.2.2

... and 15 more

Published Mar 23, 2009

Tracked Since Feb 18, 2026