CVE-2008-6582

Miniweb 2.0 - SQL Injection via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6582. PoCs published by bizzit, HaCkeR_EgY.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Miniweb 2.0, allowing an attacker to bypass authentication by injecting 'union select 1#' into the username field. The exploit grants admin access without requiring valid credentials.

Description

SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.

Exploits (2)

exploitdb WORKING POC VERIFIED
by bizzit · textwebappsphp
https://www.exploit-db.com/exploits/7586

This exploit demonstrates an SQL injection vulnerability in Miniweb 2.0, allowing an attacker to bypass authentication by injecting 'union select 1#' into the username field. The exploit grants admin access without requiring valid credentials.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Miniweb 2.0
No auth needed
Prerequisites: Access to the Miniweb 2.0 login page
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by HaCkeR_EgY · textwebappsphp
https://www.exploit-db.com/exploits/5548

This exploit demonstrates a SQL injection vulnerability in Miniweb 2.0's index.php, specifically in the 'historymonth' parameter. The PoC uses a UNION-based SQLi to extract admin credentials (user_id, username, password) from the 'admin_access' table.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Miniweb 2.0
No auth needed
Prerequisites: Target must be running Miniweb 2.0 with the vulnerable 'blogwriter' module enabled
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47364
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30085
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32819
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7586

Scores

EPSS 0.0098
EPSS Percentile 57.6%

Details

CWE
CWE-89
Status published
Products (1)
miniweb2/miniweb 2.0
Published Apr 02, 2009
Tracked Since Feb 18, 2026