SQL Injection Vulnerability in Powie pNews by Powie
CVE-2008-4347

Currently unrated

Key Information:

Vendor: Powie
Status: Pnews
Vendor: CVE Published:; 30 September 2008

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-4347?

An SQL injection vulnerability in the newskom.php script of Powie pNews version 2.03 allows attackers to execute arbitrary SQL commands through the newsid parameter. This exploitation can lead to unauthorized access to the database, allowing attackers to manipulate, retrieve, or corrupt sensitive information stored within the system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-4347 - Proof of Concept

References

https://www.exploit-db.com/exploits/6447

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/31160

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/45114

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 30, 2008
👾
Exploit known to exist
Sep 30, 2008
Vulnerability published
Sep 30, 2008
Vulnerability Reserved
Sep 30, 2008

CVE-2008-4347 Data

JSON