CVE-2009-4883

PHPRecipeBook 2.24 and 2.39 - SQL Injection via base_id or course_id Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-4883. PoCs published by DarKdewiL, d3b4g.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in PHPRecipeBook 2.39, allowing an attacker to extract user credentials via a crafted URL parameter. The PoC provides specific payloads for username and password extraction.

Description

SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and 2.39 allows remote attackers to execute arbitrary SQL commands via the (1) base_id or (2) course_id parameter in a search action.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DarKdewiL · text · webapps · php
https://www.exploit-db.com/exploits/8330

This exploit demonstrates a SQL injection vulnerability in PHPRecipeBook 2.39, allowing an attacker to extract user credentials via a crafted URL parameter. The PoC provides specific payloads for username and password extraction.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: PHPRecipeBook 2.39
No auth needed
Prerequisites: Access to the target application's search functionality
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by d3b4g · text · webapps · php
https://www.exploit-db.com/exploits/8182

This exploit demonstrates a SQL injection vulnerability in PHPRecipeBook 2.24 via the `base_id` parameter, allowing an attacker to extract database information such as version details. The PoC includes a crafted URL that performs a UNION-based SQL injection.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: PHPRecipeBook 2.24
No auth needed
Prerequisites: Access to the target web application · SQL injection vulnerability in the `base_id` parameter
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/34052
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34221
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49145
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8182

Scores

EPSS 0.0100
EPSS Percentile 58.3%

Details

CWE: CWE-89
Status: published
Products (2):
todd_rogers/phprecipebook 2.24
todd_rogers/phprecipebook 2.39
Published: Jun 11, 2010
Tracked Since: Feb 18, 2026