CVE-2008-5571

Published: 15/12/2008 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote malicious users to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dotnetindex professional download assistant 0.1

source: wwwsecurityfocuscom/bid/32706/info Professional Download Assistant is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabi ...

[~] Professional Download Assistant 01 Bypass [~] [~] ---------------------------------------------------------- [~] Discovered By: ZoRLu msn: trt-turk@hotmailcom [~] [~] Home: wwwz0rlublogspotcom [~] [~] Date: 08/12/2008 [~] [~] N0T: TUM iSLAM ALEMiNiN BAYRAMINI KUTLARIM! [~] [~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( ( [~] - ...

CWE-89 http://www.securityfocus.com/bid/32706 http://secunia.com/advisories/33030 http://osvdb.org/50548 http://securityreason.com/securityalert/4749 https://exchange.xforce.ibmcloud.com/vulnerabilities/47170 https://www.exploit-db.com/exploits/7390 https://nvd.nist.gov https://www.exploit-db.com/exploits/32653/

CVE-2008-5571

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect