CVE-2008-6525

Nice PHP FAQ Script - SQL Injection via Admin Panel Password Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6525. PoCs published by r45c4l.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in the NICE FAQ Script, allowing authentication bypass via a crafted password input. The exploit details are provided in a clear, non-technical manner.

Description

SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).

Exploits (1)

exploitdb WRITEUP VERIFIED
by r45c4l · textwebappsphp
https://www.exploit-db.com/exploits/7018

This is a writeup describing an SQL injection vulnerability in the NICE FAQ Script, allowing authentication bypass via a crafted password input. The exploit details are provided in a clear, non-technical manner.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: NICE FAQ Script (version unspecified)
No auth needed
Prerequisites: access to the admin login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7018
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32150
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46402

Scores

EPSS 0.0199
EPSS Percentile 78.0%

Details

CWE
CWE-89
Status published
Products (1)
nicephpscripts/nice_php_faq_script
Published Mar 25, 2009
Tracked Since Feb 18, 2026