CVE-2008-5075

EUVD-2008-5054
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
Affected Products (NVD)
VendorProductVersion
scriptsfrenzye-uploader_pro
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/4596
http://www.securityfocus.com/bid/31445
https://exchange.xforce.ibmcloud.com/vulnerabilities/45487
https://www.exploit-db.com/exploits/6596
http://securityreason.com/securityalert/4596
http://www.securityfocus.com/bid/31445
https://exchange.xforce.ibmcloud.com/vulnerabilities/45487
https://www.exploit-db.com/exploits/6596