Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5054

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5054
Last Modified 17 Jul 2009 12:00:00
Published 13 Nov 2008 06:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5054

Summary

Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Develop It Easy Membership System 1.3


References

XF - membershipsystem-multiple-sql-injection(46396)

BID - 32147

SECUNIA - 32594

MILW0RM - 7015


Last Updated: 27 May 2016 10:48:42