CVE-2008-1631

SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.

Published: Apr 2, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1631
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
emedia_office_gmbh / cuteflow	1.5.0	1.5.0.x
emedia_office_gmbh / cuteflow	2.10.0	2.10.0.x

http://secunia.com/advisories/29612
http://securityreason.com/securityalert/3792
http://www.securityfocus.com/archive/1/490305/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/41544

Vulnerability Database

290,273

CVE-2008-1631