SQL Injection Vulnerability in Powie PSCRIPT Forum by Powie
CVE-2008-4355

Currently unrated

Key Information:

Vendor: Powie
Status: Pforum
Vendor: CVE Published:; 30 September 2008

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-4355?

An SQL injection vulnerability exists in the showprofil.php script of Powie PSCRIPT Forum (also known as PHP Forum or pForum) versions up to 1.30. This flaw enables remote attackers to manipulate the id parameter and execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the database.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-4355 - Proof of Concept

References

https://www.exploit-db.com/exploits/6442

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/31872

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/2559

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 30, 2008
👾
Exploit known to exist
Sep 30, 2008
Vulnerability published
Sep 30, 2008
Vulnerability Reserved
Sep 30, 2008

CVE-2008-4355 Data

JSON