CVE-2009-0968

fMoblog plugin 2.1 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0968. PoCs published by strange kevin.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the WordPress fMoblog plugin version 2.1. It allows an attacker to extract user credentials (login, password, email) from the wp_users table via a crafted UNION-based SQL injection.

Description

SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by strange kevin · textwebappsphp

https://www.exploit-db.com/exploits/8229

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the WordPress fMoblog plugin version 2.1. It allows an attacker to extract user credentials (login, password, email) from the wp_users table via a crafted UNION-based SQL injection.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WordPress fMoblog Plugin 2.1

No auth needed

Prerequisites: WordPress site with fMoblog plugin version 2.1 installed · Valid page_id parameter

MITRE ATT&CK