CVE-2009-3052

Prime Quick Style < 1.2.3 - Authenticated SQL Injection via prime_quick_style Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3052. PoCs published by -SmoG-.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in the phpBB3 addon prime_quick_style. The exploit involves manipulating the 'prime_quick_style' parameter to elevate user privileges to admin by injecting SQL commands.

Description

SQL injection vulnerability in root/includes/prime_quick_style.php in the Prime Quick Style addon before 1.2.3 for phpBB 3 allows remote authenticated users to execute arbitrary SQL commands via the prime_quick_style parameter to ucp.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by -SmoG- · textwebappsphp

https://www.exploit-db.com/exploits/9569

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in the phpBB3 addon prime_quick_style. The exploit involves manipulating the 'prime_quick_style' parameter to elevate user privileges to admin by injecting SQL commands.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: phpBB3 addon prime_quick_style

Auth required

Prerequisites: Valid user credentials · Access to the target application

MITRE ATT&CK