Published: 25/03/2008 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and previous versions, allow remote malicious users to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
peel peel 1.0b
peel peel 2.6
peel peel 2.7

#!/usr/bin/php <?php /*---------------------------------------------------------------*\ * * Exploit: PEEL CMS Admin Hash Extraction and Remote Upload * Credits: Charles "real" F <charlesfol[at]hotmailfr> * URL: realnfreefr/ * Date: 03-18-08 * * Targets: PEEL PREMIUM PEEL POWERSELL * PEEL INTEGRALE PEEL PROFESSIO ...

CWE-89 http://realn.free.fr/releases/70207 http://www.securityfocus.com/bid/28346 http://secunia.com/advisories/29466 https://exchange.xforce.ibmcloud.com/vulnerabilities/41353 https://exchange.xforce.ibmcloud.com/vulnerabilities/41341 https://www.exploit-db.com/exploits/5281 https://nvd.nist.gov https://www.exploit-db.com/exploits/5281/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1496

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect