CVE-2008-6674

QuickerSite 1.8.5 - Denial of Service via mailPage.asp sEmail Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6674.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in QuickerSite CMS 1.8.5, including insecure direct object references, XSS, and mailbombing. It provides functional HTML forms and URLs to exploit these flaws without requiring authentication.

Description

mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood e-mail accounts with messages via a large number of requests with a modified sEmail parameter.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/5733

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in QuickerSite CMS 1.8.5, including insecure direct object references, XSS, and mailbombing. It provides functional HTML forms and URLs to exploit these flaws without requiring authentication.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Xss | Info Leak | Other

Complexity

Trivial

Reliability

Reliable

Target: QuickerSite CMS 1.8.5

No auth needed

Prerequisites: Access to the target QuickerSite CMS instance

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Various Sources x_refsource_misc

http://www.bugreport.ir/index_39.htm

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/29524

Various Sources x_refsource_misc

http://www.bugreport.ir/39/exploit.htm

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30501

Scores

EPSS 0.0273

EPSS Percentile 84.2%

Details

CWE

CWE-264

Status published

Products (1)

quickersite/quickersite 1.8.5

Published Apr 08, 2009

Tracked Since Feb 18, 2026