Primary

Context

PHPads SQL Injection Vulnerability in click.php3

Vulnerability

A SQL injection vulnerability has been identified in PHPads version 2.0. This issue allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Exploitation of this vulnerability could lead to the extraction of sensitive database information, such as the current database name.

Impact

Successful exploitation allows for arbitrary SQL execution, potentially leading to unauthorized data access or manipulation.

Reproduction

To reproduce this vulnerability, send a request to click.php3 with a crafted bannerID parameter that includes SQL injection payloads. The payload can use SQL comment syntax and functions like extractvalue to extract database information.

Added: Mar 4, 2026, 7:01 PM

Updated: Mar 4, 2026, 7:01 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

3.5

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

8.7

remediation

0.0

relevance

3.5

threat

6.4

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

PHPads SQL Injection Vulnerability in click.php3

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating