SQL Injection Vulnerability in OneCMS by OneCMS
CVE-2008-7208

Currently unrated

Key Information:

Vendor: Insane Visions
Status: Onecms
Vendor: CVE Published:; 11 September 2009

🔔 Create Insane Visions Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2008-7208?

Multiple SQL injection vulnerabilities exist in OneCMS 2.4 and possibly earlier versions, allowing attackers to execute arbitrary SQL commands. The vulnerabilities are triggered through the 'username' parameter in a_login.php and the 'user' parameter in staff.php, posing risks for users of the affected software. If exploited, these SQL injection vulnerabilities could lead to unauthorized data access and compromise the integrity of the application.

References

http://www.bugreport.ir/index_26.htm

x_refsource_MISC

http://www.securityfocus.com/archive/1/485837/100/200/thr...

mailing-listx_refsource_BUGTRAQ

http://sourceforge.net/forum/forum.php?forum_id=774946

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Sep 11, 2009
👾
Exploit known to exist
Sep 11, 2009
Vulnerability published
Sep 11, 2009
Vulnerability Reserved
Sep 11, 2009

CVE-2008-7208 Data

JSON