CVE-2008-0538

Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.

Published: Feb 1, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0538
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
phpip / phpip_management	4.3.2	4.3.2.x

http://marc.info/?l=full-disclosure&m=120139657100513&w=2
http://secunia.com/advisories/28656
http://www.securityfocus.com/archive/1/487122/100/0/threaded
http://www.securityfocus.com/bid/27468
http://www.vupen.com/english/advisories/2008/0346
https://exchange.xforce.ibmcloud.com/vulnerabilities/39965
https://www.exploit-db.com/exploits/4990

Vulnerability Database

289,871

CVE-2008-0538