Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2008-1295

Published: 12/03/2008 Updated: 29/09/2017
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in archives.php in Gregory Kokanosky (aka Greg's Place) phpMyNewsletter 0.8 beta 5 and previous versions allows remote malicious users to execute arbitrary SQL commands via the msg_id parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

gregory kokanosky phpmynewsletter

Exploits

Exploit DB: phpMyNewsletter 0.8b5 - 'msg_id' SQL Injection
#!/usr/bin/php <?php /* * Name: PHPMyNewsletter <= 08b5 SQL Injection * Credits: Charles "real" F <charlesfol[at]hotmailfr> * Date: 03-10-08 * Conditions: magic_quotes_gpc=Off * * This exploit gets admin_pass and admin_email from pmnl_config */ print "\n"; print " PHPMyNewsletter <= 08b5 SQL Injection\n"; print ...

References

CWE-89http://www.securityfocus.com/bid/28189https://exchange.xforce.ibmcloud.com/vulnerabilities/41197https://www.exploit-db.com/exploits/5231https://nvd.nist.govhttps://www.exploit-db.com/exploits/5231/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypassopen redirectCVE-2024-4358CVE-2024-24199CVE-2024-5550CVE-2024-5305CVE-2024-30373CVE-2024-1800deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook