CVE-2008-5075 in E-Uploader Proinfo

Summary

Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

11/14/2008

Disclosure

11/14/2008

Moderation

VulDB entry created

Entries

1: VDB-45022

CPE

ready

CWE

CWE-89 (Confirmed)

Exploit

Download

CVSS

7.3

EPSS

0.00414

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-5075
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5075
CVE Details	https://www.cvedetails.com/cve/CVE-2008-5075/

◂ Previous Overview Next ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!