Vulnerability Description
Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login.php and the (3) user_name and (4) user_pass parameters to admin/index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Develop It Easy | Membership System | 1.3 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32594Vendor Advisory
- http://www.securityfocus.com/bid/32147Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46396
- https://www.exploit-db.com/exploits/7015
- http://secunia.com/advisories/32594Vendor Advisory
- http://www.securityfocus.com/bid/32147Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46396
- https://www.exploit-db.com/exploits/7015
FAQ
What is CVE-2008-5054?
CVE-2008-5054 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Develop It Easy Membership System 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters to customer_login...
How severe is CVE-2008-5054?
CVE-2008-5054 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5054?
Check the references section above for vendor advisories and patch information. Affected products include: Develop It Easy Membership System.