Vulnerability Description
SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Activewebsoftwares | Active Ewebquiz | 8.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/32927Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46910
- https://www.exploit-db.com/exploits/7279
- http://secunia.com/advisories/32927Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46910
- https://www.exploit-db.com/exploits/7279
FAQ
What is CVE-2008-5631?
CVE-2008-5631 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password param...
How severe is CVE-2008-5631?
CVE-2008-5631 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-5631?
Check the references section above for vendor advisories and patch information. Affected products include: Activewebsoftwares Active Ewebquiz.