PT-2008-6333 · Seportal · Seportal

Mr.Sql

Published

2008-11-21

Updated

2017-09-29

CVE-2008-5191

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SePortal version 2.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the poll id parameter to "poll.php" and the sp id parameter to "staticpages.php".

Recommendations For SePortal version 2.4, consider restricting access to the "poll.php" and "staticpages.php" scripts until a patch is available, and avoid using the poll id and sp id parameters in these scripts to minimize the risk of exploitation.

Exploit

Fix

RCE

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-5191

Affected Products

Seportal

PT-2008-6333 · Seportal · Seportal

CVE-2008-5191

Weakness Enumeration

Related Identifiers

Affected Products

References · 11