CVE-2008-1272
Published 2008-03-10
CVE-2008-1272: Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat…
Priority: P343 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bmscripts | bm_classifieds | <= 20080309 | — |
CVSS provenance
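| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.5 | HIGH | — |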
GHSA
GHSA-8qxr-7577-f7rp: Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat
ghsa_unreviewed·2022-05-01
CVE-2008-1272 [HIGH] CWE-89 GHSA-8qxr-7577-f7rp: Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat
Red Hat
php: crash when extracting zip file with relative paths
vendor_redhat·2009-02-05·CVSS 7.5
CVE-2009-1272 [HIGH] php: crash when extracting zip file with relative paths
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during extraction.
Statement: Not vulnerable. This issue did not affect PHP versions as shipped in Red Hat Enterprise Linux 2.1, 3, 4, and 5, and Red Hat Application Stack v1 and v2. This problem was introduced in the fix for CVE-2008-5658. Patch for CVE-2008-5658 as used in Red Hat Application Stack v2 also includes the fix for this crash too.
No detection rules found.
http://secunia.com/advisories/29297
http://www.securityfocus.com/bid/28159
https://exchange.xforce.ibmcloud.com/vulnerabilities/41066
https://www.exploit-db.com/exploits/5223
Published: 2008-03-10