Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5892


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-5892
Last Modified 29 Jan 2009 02:00:35
Published 12 Jan 2009 03:00:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information.

Vulnerable Systems


  • Icash Click%26email Nil


BID - 32857

MILW0RM - 7485

SREASON - 4903

SECUNIA - 33155

Last Updated: 27 May 2016 10:48:58