PT-2009-2560 · Pligg · Pligg

James Bercegay · Published 2009-08-26 · Updated 2018-10-11 · CVE-2008-7091

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Pligg versions 9.9 and earlier

Description: Multiple SQL injection vulnerabilities allow remote attackers to execute arbitrary SQL commands. The injectable parameters and variables include the id parameter to "vote.php", the id parameter to "trackback.php", an unspecified parameter to "submit.php", the requestTitle variable in a query to "story.php", the requestID and requestTitle variables in "recommend.php", the categoryID parameter to "cloud.php", the title parameter to "out.php", the username parameter to "login.php", the id parameter to "cvote.php", and the commentid parameter to "edit.php".

Recommendations: For Pligg versions 9.9 and earlier, consider disabling the affected parameters and variables until a patch is available: the id parameter in "vote.php" and "trackback.php", the unspecified parameter in "submit.php", the requestTitle variable in "story.php", the requestID and requestTitle variables in "recommend.php", the categoryID parameter in "cloud.php", the title parameter in "out.php", the username parameter in "login.php", the id parameter in "cvote.php", and the commentid parameter in "edit.php". At the moment, there is no information about a newer version that contains a fix for this vulnerability.
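The injection points listed above share one root cause: a request parameter is spliced directly into the SQL text. The PHP snippet below is an added example, not Pligg's code; it places that pattern beside a hardened version that validates the id as a positive integer and binds it through a PDO prepared statement, so the database never interprets the value as SQL. The table and column names (hypothetical_links, link_id, link_votes), the function names and the sample rows are assumptions constructed for illustration.

```php
<?php
// Added example, not Pligg's code. Contrasts an injectable query builder with
// a hardened lookup that validates and binds the id.
// hypothetical_links / link_id / link_votes are assumed names, not Pligg's schema.

declare(strict_types=1);

// Vulnerable pattern: the raw request value becomes part of the SQL text, so a
// crafted id changes the statement itself instead of just its operand.
function voteQueryUnsafe(string $id): string
{
    return "SELECT link_id, link_votes FROM hypothetical_links WHERE link_id = $id";
}

// Hardened pattern: type-check first, then bind the value as an integer
// parameter so the driver sends it separately from the query text.
function fetchLinkSafe(PDO $db, string $rawId): ?array
{
    // Reject anything that is not a positive integer before touching the DB.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT link_id, link_votes FROM hypothetical_links WHERE link_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Self-contained demo on an in-memory SQLite database (constructed sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE hypothetical_links (link_id INTEGER PRIMARY KEY, link_votes INTEGER)');
$db->exec('INSERT INTO hypothetical_links VALUES (1, 10), (2, 25)');

// A constructed malformed value: in the unsafe builder it rewrites the WHERE
// clause (shown as text only, never executed here).
$malformed = '1 OR 1=1';
echo 'unsafe SQL text: ' . voteQueryUnsafe($malformed) . PHP_EOL;

// The hardened path refuses it outright and only serves well-formed ids.
var_dump(fetchLinkSafe($db, $malformed)); // NULL
var_dump(fetchLinkSafe($db, '2'));        // ['link_id' => 2, 'link_votes' => 25]
```

The same two steps, validate the type and bind the value, apply to every parameter named in the description; for string inputs such as title or username the validation differs, but binding through a prepared statement is what removes the injection.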

Exploit

RCE

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2008-7091

Affected Products

Pligg