Vulnerability Description
SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) psw parameter (aka passwd field). NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dotnetindex | Professional Download Assistant | 0.1 |
Related Weaknesses (CWE)
References
- http://osvdb.org/50548
- http://secunia.com/advisories/33030Vendor Advisory
- http://securityreason.com/securityalert/4749
- http://www.securityfocus.com/bid/32706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47170
- https://www.exploit-db.com/exploits/7390
- http://osvdb.org/50548
- http://secunia.com/advisories/33030Vendor Advisory
- http://securityreason.com/securityalert/4749
- http://www.securityfocus.com/bid/32706
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47170
- https://www.exploit-db.com/exploits/7390
FAQ
What is CVE-2008-5571?
CVE-2008-5571 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in admin/login.asp in Professional Download Assistant 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter (aka user field) or the (2) ...
How severe is CVE-2008-5571?
CVE-2008-5571 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5571?
Check the references section above for vendor advisories and patch information. Affected products include: Dotnetindex Professional Download Assistant.