CVE-2008-2995
Published 2008-07-03
Priority P3 (43) · Severity high · CVSS 2.0 base 7.5 (vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public exploit available (Exploit-DB entries below). EPSS 0.97% (57.7th percentile).
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.
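To make the two injection points concrete, the following is an added example written for this page; it is not PHPEasyData's code. It rebuilds the assumed shape of both vulnerable queries (a login check that concatenates the username, and a directory lookup that drops the annuaire id straight into the WHERE clause) in Python on an in-memory SQLite database with constructed sample rows, runs the classic payloads against them, and shows the parameterized replacement that closes the hole. Table and column names are assumptions for illustration.

```python
"""Added illustration for CVE-2008-2995 (CWE-89). Hypothetical code, not PHPEasyData's:
the query shapes for admin/login.php and annuaire.php are assumed, and the data is constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one admin account and a small directory table."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('admin', 's3cret');
        CREATE TABLE annuaire (id INTEGER PRIMARY KEY, name TEXT, is_public INTEGER);
        INSERT INTO annuaire (name, is_public)
            VALUES ('Alice', 1), ('Bob', 1), ('Hidden Corp', 0);
        """
    )
    return db


def login_vulnerable(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Assumed shape of admin/login.php: both fields concatenated into the SQL text.
    A username of  admin' --  comments out the password check entirely."""
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return db.execute(sql).fetchone() is not None


def login_fixed(db: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized version: the quote and comment stay inside the bound value."""
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None


def listing_vulnerable(db: sqlite3.Connection, annuaire: str) -> list:
    """Assumed shape of annuaire.php: the numeric id is interpolated unquoted,
    so 'OR 1=1' widens the filter and 'UNION SELECT' reads another table."""
    sql = f"SELECT name FROM annuaire WHERE is_public = 1 AND id = {annuaire}"
    return [row[0] for row in db.execute(sql)]


def listing_fixed(db: sqlite3.Connection, annuaire: str) -> list:
    """Validate the type first, then bind it; non-numeric input never reaches SQL."""
    try:
        ident = int(annuaire)
    except ValueError:
        return []
    sql = "SELECT name FROM annuaire WHERE is_public = 1 AND id = ?"
    return [row[0] for row in db.execute(sql, (ident,))]


if __name__ == "__main__":
    db = make_db()
    bypass = "admin' -- "
    print("login bypass, vulnerable:", login_vulnerable(db, bypass, "wrong"))
    print("login bypass, fixed:     ", login_fixed(db, bypass, "wrong"))
    dump = "0 UNION SELECT username || ':' || password FROM users"
    print("annuaire dump, vulnerable:", listing_vulnerable(db, dump))
    print("annuaire dump, fixed:     ", listing_fixed(db, dump))
```

The UNION payload works because the vulnerable listing query and the injected SELECT both return a single text column; that is the same condition an attacker needs against the real annuaire.php, which is why a credential dump from the users table is the usual follow-on to this class of bug. The fix is the binding, not escaping: `listing_fixed` additionally rejects anything that is not an integer, so the id can never be interpreted as SQL.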
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| phpeasydata | phpeasydata | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Red Hat (vendor) | — | 3.6 | LOW | — |
The Red Hat score is the one attached to the CVE-2008-5373 (bacula-common) entry listed under Red Hat below, not a vendor rating of this PHPEasyData issue.
GHSA
GHSA-qrm3-ww98-8r4q · CVE-2008-2995 · HIGH · CWE-89 · ghsa_unreviewed · 2022-05-01
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php.
Red Hat
CVE-2008-5373 [LOW] bacula-common: Insecure temporary file use in autochangers (symlink attack)
vendor_redhat · 2008-08-11 · CVSS 3.6
mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/mtx.##### temporary file, probably a related issue to CVE-2005-2995.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact. This issue is not currently planned to be addressed in Red Hat Enterprise Linux 6. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: bacula (Red Hat Enterprise Linux 6) - Affected
Note: this Red Hat entry describes CVE-2008-5373 in bacula-common and cross-references CVE-2005-2995; it has no connection to PHPEasyData or CVE-2008-2995 beyond the shared "2995" suffix and appears to be an aggregation mismatch. Do not treat the 3.6 LOW rating as applying to the SQL injection above.
No detection rules found.
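Since no detection rule is listed, the following is an added example (written for this page, not a rule from any vendor or from the PHPEasyData project) of a minimal access-log check for the two injection points named in the CVE: it parses constructed Apache combined-format lines, isolates the `annuaire` parameter on `/annuaire.php` and the `Username` parameter on `/admin/login.php`, and flags values that are non-numeric where a numeric id is expected or that carry SQL metacharacters. The log lines and client addresses are constructed, and the parameter name `Username` follows the Exploit-DB entry title below.

```python
"""Added example: access-log check for CVE-2008-2995 injection attempts.
Not a vendor rule; the log lines below are constructed for illustration."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache combined-format lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jun/2008:10:00:01 +0000] "GET /annuaire.php?annuaire=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jun/2008:10:00:02 +0000] "GET /annuaire.php?annuaire=0+UNION+SELECT+username,password+FROM+users-- HTTP/1.1" 200 8192 "-" "curl/7.19"
203.0.113.9 - - [11/Jun/2008:10:00:03 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [11/Jun/2008:10:00:04 +0000] "GET /admin/login.php?Username=admin%27+--+&Password=x HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Endpoint -> the parameter the CVE names as injectable (Username per the Exploit-DB title).
WATCHED = {"/annuaire.php": "annuaire", "/admin/login.php": "Username"}

# Quote, SQL comment, UNION ... SELECT, or an OR x=y tautology.
SQLI = re.compile(r"(?i)'|--|\bunion\b.*\bselect\b|\bor\b\s+\S+\s*=\s*\S+")

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)


def suspicious(value: str, param: str) -> bool:
    """annuaire is a numeric id, so anything non-numeric is already anomalous;
    for both parameters, SQL metacharacters or keywords are flagged."""
    if param == "annuaire" and not value.isdigit():
        return True
    return bool(SQLI.search(value))


def scan(log_text: str) -> list:
    """Return (client_ip, path, parameter, decoded_value) for each flagged request."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        parts = urlsplit(m["target"])
        param = WATCHED.get(parts.path)
        if param is None:
            continue
        # parse_qs URL-decodes (%27 -> ', + -> space) so the check sees the real payload.
        for value in parse_qs(parts.query).get(param, []):
            if suspicious(value, param):
                hits.append((m["ip"], parts.path, param, value))
    return hits


if __name__ == "__main__":
    for ip, path, param, value in scan(SAMPLE_LOG):
        print(f"{ip} {path} {param}={value!r}")
```

One caveat a practitioner should keep in mind: the login form normally submits by POST, so the Username value never appears in a standard access log (the third constructed line shows exactly that blind spot). Catching the admin/login.php vector reliably needs application-level logging or a WAF that inspects request bodies; the access-log check above covers the GET variant and the annuaire.php parameter.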
Exploit-DB
PHPEasyData 1.5.4 - 'annuaire.php?annuaire' SQL Injection (CVE-2008-2995)
exploitdb · 2008-06-11
---
source: https://www.securityfocus.com/bid/29659/info
PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Attackers may exploit the SQL-injection issues to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHPEasyData 1.5.4 is vulnerable; other versions may also be affected.
http://[website]/annuaire.
Exploit-DB
PHPEasyData 1.5.4 - '/admin/login.php?Username' SQL Injection (CVE-2008-2995)
exploitdb · 2008-06-11
---
source: https://www.securityfocus.com/bid/29659/info (same BID 29659 advisory text as the previous entry)
-admin/login.php
Due t