Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6142

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6142
Last Modified 16 Feb 2009 12:00:00
Published 16 Feb 2009 12:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6142

Summary

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

Vulnerable Systems

Application

  • China-on-site Flexphpic 0.0.3

  • China-on-site Flexphpic 0.0.4


References

XF - flexphpic-index-sql-injection(47653)

MILW0RM - 7624

SECUNIA - 33376


Last Updated: 27 May 2016 10:49:05