QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-7091

Back to search

CVE-2008-7091

Published: Aug 26, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

VendorProductVersions

n/a

n/a

affected
n/a

References

50191
vdb-entry
x_refsource_OSVDB
50198
vdb-entry
x_refsource_OSVDB
50195
vdb-entry
x_refsource_OSVDB
50193
vdb-entry
x_refsource_OSVDB
50194
vdb-entry
x_refsource_OSVDB
30458
vdb-entry
x_refsource_BID
50190
vdb-entry
x_refsource_OSVDB
50192
vdb-entry
x_refsource_OSVDB
50189
vdb-entry
x_refsource_OSVDB
50196
vdb-entry
x_refsource_OSVDB
50197
vdb-entry
x_refsource_OSVDB
6173
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now