CVE-2008-6725

Cmscout - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) index.php in a mythings page (mythings.php) and (2) the users page in admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/7625

View Code ZIP pw:eip

References (6)

Core 6

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7625

Various Sources x_refsource_confirm

http://www.cmscout.co.za/index.php?page=news&id=30

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33068

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33375

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/47659

Exploit vdb-entry x_refsource_osvdb

http://osvdb.org/51118

Scores

EPSS 0.0062

EPSS Percentile 70.0%

Details

CWE

CWE-89

Status published

Products (1)

cmscout/cmscout 2.06

Published Apr 17, 2009

Tracked Since Feb 18, 2026