Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2008-4157

Published: 22/09/2008 Updated: 29/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 760
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote malicious users to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.

Vulnerable Product Search on Vulmon Subscribe to Product

vastal phpvid 1.1

Exploits

Exploit DB: PHPVID 1.1 - Cross-Site Scripting / SQL Injection
################################################################ # ___ __ _______ ___ # # __| _/____ _______| | __ ____ \ _ \ __| _/____ # # / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ # # / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ # # \____ |(_____ ...
Exploit DB: PHPVID 1.2.3 - Multiple Vulnerabilities
################################################################################## _____ _ _ _ _____ | __ \ | | | | (_) / ____| | |__) |_____ _____ | |_ _| |_ _ ___ _ __ | (___ ___ ___ | _ // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \ \___ ...

References

CWE-89http://www.securityfocus.com/bid/31108http://securityreason.com/securityalert/4291http://www.vupen.com/english/advisories/2008/2552http://secunia.com/advisories/31761http://osvdb.org/show/osvdb/48018http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.htmlhttp://www.exploit-db.com/exploits/27519http://seclists.org/fulldisclosure/2015/Mar/58http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injection.htmlhttp://tetraph.com/security/sql-injection-vulnerability/vastal-i-tech-phpvid-1-2-3-sql-injection-security-vulnerabilities/https://exchange.xforce.ibmcloud.com/vulnerabilities/45028https://www.exploit-db.com/exploits/6422https://nvd.nist.govhttps://www.exploit-db.com/exploits/6422/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camerabypassCVE-2024-3592CVE-2024-37383CVE-2024-24919CVE-2024-27822CVE-2024-36788CVE-2024-36789man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook