Published: 04/11/2008 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 765

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in tr.php in YourFreeWorld Downline Builder allows remote malicious users to execute arbitrary SQL commands via the id parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
yourfreeworld downline builder script

Downline Builder( id ) Remote SQL Injection Vulnerability ___________________________________ Author: Hussin X Home : wwwIQ-TYcom & wwwTrYaGcc ___________________________________ script : wwwyourfreeworldcom/script/downlinebuilderphp DorK : inurl:trphp?id= Downline Exploit : _______ trphp?id=-1+union+select+1,2,3,c ...

Banner Management (id) Remote SQL Injection Vulnerability ___________________________________ Author: Hussin X Home : wwwIQ-TYcom & wwwTrYaGcc ___________________________________ script : wwwyourfreeworldcom/script/bannermanagementscriptasp DorK : :) Exploit : _______ trphp?id=-1+union+select+1,2,3,concat(user(),ve ...

source: wwwsecurityfocuscom/bid/32047/info Downline Builder Pro is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in t ...

CWE-89 http://www.securityfocus.com/bid/32046 http://osvdb.org/49599 http://www.securityfocus.com/bid/32047 http://www.vupen.com/english/advisories/2008/2990 https://www.exploit-db.com/exploits/6935 https://nvd.nist.gov https://www.exploit-db.com/exploits/6935/

CVE-2008-4895

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect