SQL Injection Vulnerability in Powie pNews Product
CVE-2008-2673

Currently unrated

Key Information:

Vendor: Powie
Status: Pnews
Vendor: CVE Published:; 12 June 2008

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-2673?

The vulnerability in Powie pNews versions 2.08 and 2.10 allows for SQL injection through unsanitized input in the index.php file. When magic_quotes_gpc is disabled, attackers can exploit the 'shownews' parameter to execute arbitrary SQL commands, leading to potential unauthorized data access or manipulation. This flaw highlights the importance of input validation and sanitation in web applications.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-2673 - Proof of Concept

References

http://www.securityfocus.com/bid/29617

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/42951

vdb-entryx_refsource_XF

http://secunia.com/advisories/30577

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Jun 12, 2008
👾
Exploit known to exist
Jun 12, 2008
Vulnerability published
Jun 12, 2008
Vulnerability Reserved
Jun 11, 2008

CVE-2008-2673 Data

JSON