Vulnerability Description
Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Develop It Easy | News And Article System | 1.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32595Vendor Advisory
- http://securityreason.com/securityalert/4607
- http://www.securityfocus.com/bid/32144
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46397
- https://www.exploit-db.com/exploits/7014
- http://secunia.com/advisories/32595Vendor Advisory
- http://securityreason.com/securityalert/4607
- http://www.securityfocus.com/bid/32144
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46397
- https://www.exploit-db.com/exploits/7014
FAQ
What is CVE-2008-5131?
CVE-2008-5131 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the...
How severe is CVE-2008-5131?
CVE-2008-5131 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5131?
Check the references section above for vendor advisories and patch information. Affected products include: Develop It Easy News And Article System.