CVE-2008-6142

EUVD-2008-6112
Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
Affected Products (NVD)
VendorProductVersion
china-on-siteflexphpic
0.0.3
china-on-siteflexphpic
0.0.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/47653
https://www.exploit-db.com/exploits/7624
http://secunia.com/advisories/33376
https://exchange.xforce.ibmcloud.com/vulnerabilities/47653
https://www.exploit-db.com/exploits/7624