CVE-2008-6968

Pligg CMS 9.9.5 - SQL Injection via Category or ID Parameter


Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6968.

AI-analyzed exploit summary: This is a detailed technical writeup describing multiple vulnerabilities in Pligg CMS, including SQL injection, XSS, and arbitrary file inclusion. It provides specific code snippets, exploitation examples, and root cause analysis.

Description

Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.

Exploits (1)

exploitdb WRITEUP
webapps · php
https://www.exploit-db.com/exploits/6173


Classification
Writeup: 100%
Attack Type: SQLi | XSS | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Pligg CMS <= 9.9
No auth needed
Prerequisites: Access to vulnerable Pligg installation
devstral-2 · analyzed Feb 19, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31062
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/45086

Scores

EPSS 0.0095
EPSS Percentile 56.5%

Details

CWE: CWE-89
Status: published
Products (1): pligg/pligg_cms 9.9.5
Published: Aug 13, 2009
Tracked Since: Feb 18, 2026