CVE-2008-6274

EUVD-2008-6244
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field).  NOTE: some of these details are obtained from third party information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
mjcreationfamilyproject
2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/50314
http://secunia.com/advisories/32900
http://www.securityfocus.com/bid/32501
https://exchange.xforce.ibmcloud.com/vulnerabilities/46929
https://www.exploit-db.com/exploits/7248
http://osvdb.org/50314
http://secunia.com/advisories/32900
http://www.securityfocus.com/bid/32501
https://exchange.xforce.ibmcloud.com/vulnerabilities/46929
https://www.exploit-db.com/exploits/7248