CVE-2008-6665

Ananta CMS 1.0b5 - Remote Code Execution via Email Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6665. PoCs published by CWH Underground.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Ananta CMS 1.0b5, allowing an attacker to escalate privileges to administrator by injecting malicious input into the 'change.php' form. The payload modifies the 'admin' field in the database to grant administrative access.

Description

change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows remote attackers to gain administrator privileges via a crafted email parameter, possibly related to code injection.

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/5824

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in Ananta CMS 1.0b5, allowing an attacker to escalate privileges to administrator by injecting malicious input into the 'change.php' form. The payload modifies the 'admin' field in the database to grant administrative access.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Ananta CMS 1.0b5

Auth required

Prerequisites: Access to a user account in Ananta CMS · magic_quotes_gpc being disabled on the target server

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5824

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29752

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43119

Scores

EPSS 0.0183

EPSS Percentile 76.0%

Details

CWE

CWE-94

Status published

Products (1)

anantasoft/ananta_cms 1.0b5

Published Apr 08, 2009

Tracked Since Feb 18, 2026