Vulnerability Description
SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dev\!L\'S | Clanportal | <= 1.4.9.6 |
Related Weaknesses (CWE)
References
- http://osvdb.org/49500
- http://secunia.com/advisories/32458Vendor Advisory
- http://securityreason.com/securityalert/4552
- http://www.securityfocus.com/bid/32049Exploit
- http://www.vupen.com/english/advisories/2008/2974
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46268
- https://www.exploit-db.com/exploits/6961
- http://osvdb.org/49500
- http://secunia.com/advisories/32458Vendor Advisory
- http://securityreason.com/securityalert/4552
- http://www.securityfocus.com/bid/32049Exploit
- http://www.vupen.com/english/advisories/2008/2974
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46268
- https://www.exploit-db.com/exploits/6961
FAQ
What is CVE-2008-4889?
CVE-2008-4889 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in ...
How severe is CVE-2008-4889?
CVE-2008-4889 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4889?
Check the references section above for vendor advisories and patch information. Affected products include: Dev\!L\'S Clanportal.