CVE-2008-7269

NUCLEI

SiteEngine 5.x - Open Redirect via Forward Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-7269. PoCs published by xy7, xuanmumu. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in SiteEngine 5.x, including SQL injection via improper use of the intval function, URI redirection, and information disclosure. The SQL injection POC bypasses parameter validation by appending non-numeric characters to the input.

Description

Open redirect vulnerability in api.php in SiteEngine 5.x allows user-assisted remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the forward parameter in a logout action.

Exploits (2)

exploitdb WORKING POC VERIFIED
by xy7 · textwebappsphp
https://www.exploit-db.com/exploits/6823

The exploit demonstrates multiple vulnerabilities in SiteEngine 5.x, including SQL injection via improper use of the intval function, URI redirection, and information disclosure. The SQL injection POC bypasses parameter validation by appending non-numeric characters to the input.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: SiteEngine 5.x
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by xuanmumu · textwebappsphp
https://www.exploit-db.com/exploits/32523

This is a writeup describing a URI-redirection vulnerability in SiteEngine 5.0. The vulnerability allows an attacker to redirect users to arbitrary URLs via the 'forward' parameter in the logout action.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: SiteEngine 5.0
No auth needed
Prerequisites: Access to the target SiteEngine application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

UC Gateway Investment SiteEngine v5.0 - Open Redirect
MEDIUMVERIFIEDby ctflearner
Shodan: html:"SiteEngine" || http.html:"siteengine"
FOFA: body="siteengine"

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6823
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/497747/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/31888

Scores

EPSS 0.0346
EPSS Percentile 87.9%

Details

CWE
CWE-20
Status published
Products (1)
boka/siteengine 5.0
Published Dec 01, 2010
Tracked Since Feb 18, 2026