# CVE-2008

<table><thead><tr><th width="177">CVE</th><th width="353.800048828125">CVE Description</th><th>Reference</th></tr></thead><tbody><tr><td>CVE-2008-2023</td><td>Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.</td><td><a href="https://www.exploit-db.com/exploits/5507">https://www.exploit-db.com/exploits/5507</a></td></tr><tr><td>CVE-2008-0670</td><td>SQL injection vulnerability in index.php in the Noticias (com_noticias) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detalhe action.</td><td><a href="https://www.exploit-db.com/exploits/5081">https://www.exploit-db.com/exploits/5081</a></td></tr><tr><td>CVE-2008-0772</td><td>SQL injection vulnerability in index.php in the com_doc component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the sid parameter in a view task.</td><td><a href="https://www.exploit-db.com/exploits/5080">https://www.exploit-db.com/exploits/5080</a></td></tr><tr><td>CVE-2008-0721</td><td>SQL injection vulnerability in index.php in the Sermon (com_sermon) 0.2 component for Mambo allows remote attackers to execute arbitrary SQL commands via the gid parameter.</td><td><a href="https://www.exploit-db.com/exploits/5076">https://www.exploit-db.com/exploits/5076</a></td></tr><tr><td>CVE-2008-0719</td><td>SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.</td><td><a href="https://www.exploit-db.com/exploits/5075">https://www.exploit-db.com/exploits/5075</a></td></tr><tr><td>CVE-2008-7242</td><td>Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS 0.9.6.1 and 0.9.6.1p1 allo remote attackers to inject arbitrary web script or HTML via the (1) search, (2) "a," (3) messagesubject, and (4) messagebody parameters to certain pages as reachable from manager/index.php; (5) highlight, (6) id, (7) email, (8) name, and (9) parent parameters to index.php; and the (10) docgrp and (11) moreResultsPage parameters to index-ajax.php.</td><td><a href="https://www.exploit-db.com/exploits/31120">https://www.exploit-db.com/exploits/31120</a></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.prophaze.com/cve/cve-2008.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.