CVE-2008-6837

Zoph 0.7.2.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6837. PoCs published by Julian Rodriguez.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) and SQL injection vulnerability in Zoph 0.7.2.1, with specific credentials to trigger the issue. It includes technical details about the impact and affected versions but does not contain functional exploit code.

Description

SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-3258. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Julian Rodriguez · textwebappsphp

https://www.exploit-db.com/exploits/32013

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) and SQL injection vulnerability in Zoph 0.7.2.1, with specific credentials to trigger the issue. It includes technical details about the impact and affected versions but does not contain functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Zoph 0.7.2.1

No auth needed

Prerequisites: Access to the Zoph login page

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/30116

Exploit x_refsource_misc

http://www.securityfocus.com/bid/30116/exploit

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/43693

Scores

EPSS 0.0237

EPSS Percentile 81.7%

Details

CWE

CWE-89

Status published

Products (1)

zoph/zoph 0.7.2.1

Published Jun 27, 2009

Tracked Since Feb 18, 2026