CVE-2008-0538

General

Score: 6.8/10.0
Severity: Medium
Category: SQL Injection
Exploit: Available

Impact Metrics

Confidentiality: Partial
Integrity: Partial
Availability: Partial

Exploitability Metrics

Access Vector: Network
Access Complexity: Medium
Authentication: None

Published on 01/02/08 - Updated on 16/10/18

Description

Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.

Category: SQL Injection

CWE-89 (SQL Injection)
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Security Notices

US National Vulnerability Database: CVE-2008-0538

Exploits

Exploit-DB: EDB-4990
SecurityFocus: BID-27468

Related technologies

Vendor: phpip
Product: phpip_management
