QwikSec

Security Database

CVE

CWE

Training

CVE-2008-6614

Published: Apr 6, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

exploit

x_refsource_EXPLOIT-DB

20080512 [SkyOut/Wired Security] SQL Injection in IDB Micro CMS 3.5 (Login Bypass)

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_BID

http://wired-security.net/texts/advisories/IBD_Micro_CMS_3.5_SQL_Injection_Login_Bypass_Advisory.txt

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

http://www.securityfocus.com/bid/29159/exploit

x_refsource_MISC

ibdmicrocms-microcmsadmin-sql-injection(42539)

vdb-entry

x_refsource_XF

microcms-microcmsadmin-sql-injection(53272)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.