Published: 22/01/2008 Updated: 29/09/2017

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote malicious users to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
alilg alitalk 1.9.1.1

###################################################################### # ALITALK v 1911 Multiple Vulnerabilities # # author : tomplixsee # # google dork : POWERED BY ALITALK # # download : wwwalilgcom/software/free-php-ajax-chat/ ...

CWE-89 http://www.securityfocus.com/bid/27315 http://secunia.com/advisories/28515 https://exchange.xforce.ibmcloud.com/vulnerabilities/39745 https://exchange.xforce.ibmcloud.com/vulnerabilities/39736 https://exchange.xforce.ibmcloud.com/vulnerabilities/39735 https://exchange.xforce.ibmcloud.com/vulnerabilities/39733 https://www.exploit-db.com/exploits/4922 https://nvd.nist.gov https://www.exploit-db.com/exploits/4922/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-0371

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect