Vulnerability Details CVE-2008-1990
Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://bugreport.ir/index.php?/36
- http://secunia.com/advisories/29916
- http://securityreason.com/securityalert/3842
- http://www.securityfocus.com/archive/1/491129/100/0/threaded
- http://www.securityfocus.com/bid/28868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41918
- https://www.exploit-db.com/exploits/5478
- http://bugreport.ir/index.php?/36
- http://secunia.com/advisories/29916
- http://securityreason.com/securityalert/3842
- http://www.securityfocus.com/archive/1/491129/100/0/threaded
- http://www.securityfocus.com/bid/28868
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41918
- https://www.exploit-db.com/exploits/5478
Products affected by CVE-2008-1990
-
cpe:2.3:a:acidcat:acidcat_cms:3.4.1