CVE-2008-5652

SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information.

Published: Dec 17, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-5652
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
myiosoft / easybookmarker	4.0	4.0.x

http://osvdb.org/49701
http://secunia.com/advisories/32673
http://securityreason.com/securityalert/4770
http://www.securityfocus.com/bid/32199
http://www.vupen.com/english/advisories/2008/3075
https://exchange.xforce.ibmcloud.com/vulnerabilities/46447
https://www.exploit-db.com/exploits/7045

Vulnerability Database

289,871

CVE-2008-5652