Vulnerability Details CVE-2008-4889
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.6%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/49500
- http://secunia.com/advisories/32458
- http://securityreason.com/securityalert/4552
- http://www.securityfocus.com/bid/32049
- http://www.vupen.com/english/advisories/2008/2974
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46268
- https://www.exploit-db.com/exploits/6961
- http://osvdb.org/49500
- http://secunia.com/advisories/32458
- http://securityreason.com/securityalert/4552
- http://www.securityfocus.com/bid/32049
- http://www.vupen.com/english/advisories/2008/2974
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46268
- https://www.exploit-db.com/exploits/6961
Products affected by CVE-2008-4889
-
cpe:2.3:a:dev!l's:clanportal:*
-
cpe:2.3:a:dev!l's:clanportal:1.2.5
-
cpe:2.3:a:dev!l's:clanportal:1.3.6