CVE-2008-2130
Published 2008-05-09
CVE-2008-2130: SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Priority P339, high, 7.5 (CVSS 2.0)
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.96% (57.1th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| igaming | cms | — | — |
No detection rules found.
Exploit-DB
HylaFAX+ 5.2.4 > 5.5.3 - Buffer Overflow
exploitdb·2013-10-02
CVE-2013-5680 HylaFAX+ 5.2.4 > 5.5.3 - Buffer Overflow
---
Details
Application: "HylaFAX+"
Version: 5.2.4 (April, 2008) through 5.5.3 (August 6, 2013)
Type: Daemon that manages a fax server via an FTP-like protocol.
Vendor / Maintainer: Lee Howard (faxguy _at_ howardsilvan.com)
Project Homepage: http://hylafax.sourceforge.net/
Vulnerability: CWE-120: Classic buffer overflow from unchecked network
traffic, resulting in heap corruption.
Vulnerability Discoverer: Dennis Jenkins (dennis.jenkins.75 _at_ gmail.com)
CVE reference: CVE-2130-5680, 2013-09-03
Solution Status: Fixed by vendor.
Description
"HylaFAX™ is an enterprise-class open-source system for sending and
receiving facsimiles as well as for sending alpha-numeric pages."
Vulnerability
HylaFAX+ contains a daemon, "hfaxd", that allows a "fax cl
Exploit-DB
iGaming CMS 1.5 - 'poll_vote.php' SQL Injection
exploitdb·2008-05-05
CVE-2008-2130 iGaming CMS 1.5 - 'poll_vote.php' SQL Injection
---
source: https://www.securityfocus.com/bid/29059/info
iGaming CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
The issue affects iGaming CMS 1.5; other versions may also be affected.
#!/usr/bin/perl
No writeups or analysis indexed.
http://downloads.securityfocus.com/vulnerabilities/exploits/29059.pl
http://www.securityfocus.com/bid/29059
https://exchange.xforce.ibmcloud.com/vulnerabilities/42229
Published: 2008-05-09