CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-6142

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://secunia.com/advisories/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/47653
https://www.exploit-db.com/exploits/7624
http://secunia.com/advisories/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/47653
https://www.exploit-db.com/exploits/7624

Products affected by CVE-2008-6142

China-On-Site » Flexphpic » Version: 0.0.3

cpe:2.3:a:china-on-site:flexphpic:0.0.3
China-On-Site » Flexphpic » Version: 0.0.4

cpe:2.3:a:china-on-site:flexphpic:0.0.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-6142

Products

Pricing

Contact Us