SQL Injection Vulnerability in Powie pLink Affects User Data Security
CVE-2008-4357

Currently unrated

Key Information:

Vendor: Powie
Status: Plink
Vendor: CVE Published:; 30 September 2008

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2008-4357?

The SQL injection vulnerability in the linkto.php file of Powie pLink version 2.07 allows remote attackers to manipulate the database through the 'id' parameter. This vulnerability can lead to unauthorized execution of SQL commands, which may result in data breaches or alterations. It is crucial for users of this version to apply timely updates or mitigations to safeguard against potential exploitation.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2008-4357 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45115

vdb-entryx_refsource_XF

http://www.securityfocus.com/bid/31163

vdb-entryx_refsource_BID

https://www.exploit-db.com/exploits/6449

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 30, 2008
👾
Exploit known to exist
Sep 30, 2008
Vulnerability published
Sep 30, 2008
Vulnerability Reserved
Sep 30, 2008

CVE-2008-4357 Data

JSON