← back
CVE-2008-2890

CVE-2008-2890

EPSS 1.0%
Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/5889unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/30795http://securityreason.com/securityalert/3960https://exchange.xforce.ibmcloud.com/vulnerabilities/43259https://www.exploit-db.com/exploits/5889http://www.securityfocus.com/bid/29861