PT-2008-5820 · Igaming · Igaming Cms

Staker

Published

2008-10-17

Updated

2017-09-29

CVE-2008-4603

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions iGaming CMS version 2.0 Alpha 1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the keywords parameter in a "search games" action. The affected endpoint is related to the search.php file.

Recommendations For iGaming CMS version 2.0 Alpha 1, consider restricting access to the search.php file or the search games action until a fix is available. As a temporary workaround, avoid using the keywords parameter in the affected endpoint.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-4603

Affected Products

Igaming Cms

PT-2008-5820 · Igaming · Igaming Cms

CVE-2008-4603

Weakness Enumeration

Related Identifiers

Affected Products

References · 5