SQL Injection Vulnerability in iTechBids by iTechBids
CVE-2008-0692

Currently unrated

Key Information:

Vendor: Itechscripts
Status: Itechbids
Vendor: CVE Published:; 12 February 2008

🔔 Create Itechscripts Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-0692?

The iTechBids platform contains a vulnerability in the bidhistory.php file that permits remote attackers to execute arbitrary SQL commands through manipulation of the item_id parameter. This security flaw can lead to unauthorized access to sensitive data, making it essential for users of affected versions to implement necessary updates and security measures to safeguard their systems.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-0692 - Proof of Concept

References

https://www.exploit-db.com/exploits/5056

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/27601

vdb-entryx_refsource_BID

http://secunia.com/advisories/28780

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Feb 12, 2008
👾
Exploit known to exist
Feb 12, 2008
Vulnerability published
Feb 12, 2008
Vulnerability Reserved
Feb 11, 2008

CVE-2008-0692 Data

JSON