Vulnerability Description
SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Turnkeywebtools | Php Live Helper | <= 2.0.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31521Vendor Advisory
- http://securityreason.com/securityalert/4178
- http://www.gulftech.org/?node=research&article_id=00124-08162008Exploit
- http://www.securityfocus.com/archive/1/495542/100/0/threaded
- http://www.securityfocus.com/bid/30729Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44568
- https://www.exploit-db.com/exploits/6261
- http://secunia.com/advisories/31521Vendor Advisory
- http://securityreason.com/securityalert/4178
- http://www.gulftech.org/?node=research&article_id=00124-08162008Exploit
- http://www.securityfocus.com/archive/1/495542/100/0/threaded
- http://www.securityfocus.com/bid/30729Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44568
- https://www.exploit-db.com/exploits/6261
FAQ
What is CVE-2008-3762?
CVE-2008-3762 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of in...
How severe is CVE-2008-3762?
CVE-2008-3762 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3762?
Check the references section above for vendor advisories and patch information. Affected products include: Turnkeywebtools Php Live Helper.