PT-2023-9865 · Unknown · Email Registration

Published

2023-03-06

Updated

2024-05-17

CVE-2008-10004

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Email Registration versions 5.x-2.1

Description A critical issue affects the email registration user function of the email registration.module file. The manipulation of the namenew argument leads to SQL injection. The attack can be initiated remotely. Upgrading to version 6.x-1.0 addresses this issue.

Recommendations For Email Registration version 5.x-2.1, upgrade to version 6.x-1.0 to resolve the issue. As a temporary workaround, consider restricting the use of the email registration user function until the upgrade is applied.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-10004

Affected Products

Email Registration

PT-2023-9865 · Unknown · Email Registration

CVE-2008-10004

Weakness Enumeration

Related Identifiers

Affected Products

References · 7