CVE-2008-4880
Published 2008-11-04
CVE-2008-4880: SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different…
Priority P3 · 41 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.17% (63.4th percentile)
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 7.5 HIGH
GHSA
GHSA-43xj-fv89-3qq5: SQL injection vulnerability in prodshow
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-4880 [HIGH] CWE-89 GHSA-43xj-fv89-3qq5: SQL injection vulnerability in prodshow
SQL injection vulnerability in prodshow.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2008-4879.
GHSA
GHSA-f29p-6qjp-hxmh: SQL injection vulnerability in prod
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-4879 [HIGH] CWE-89 GHSA-f29p-6qjp-hxmh: SQL injection vulnerability in prod
SQL injection vulnerability in prod.php in Maran PHP Shop allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2008-4880.
Red Hat
(32-bit): Multiple integer overflows in the printf implementation
vendor_redhat·2009-09-03·CVSS 7.5
CVE-2009-4880 [HIGH] CWE-190 (32-bit): Multiple integer overflows in the printf implementation
Multiple integer overflows in the strfmon implementation in the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow context-dependent attackers to cause a denial of service (memory consumption or application crash) via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391.
Statement: Red Hat does not consider this bug to be a security issue. Properly written application should not use arbitrary untrusted data as part of the format string passed to functions as strfmon or printf family functions.
No detection rules found.
References:
http://osvdb.org/49533
http://securityreason.com/securityalert/4548
http://www.securityfocus.com/bid/32043
http://www.vupen.com/english/advisories/2008/2976
https://exchange.xforce.ibmcloud.com/vulnerabilities/46305
https://www.exploit-db.com/exploits/6958
Published: 2008-11-04