← back
CVE-2008-4606

CVE-2008-4606

EPSS 1.1%
Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) location_id parameter to locationdel.php and (2) vlan_id parameter to vlanedit.php. NOTE: the vlanview.php and vlandel.php vectors are already covered by CVE-2007-6579.
Affected products
n/a · n/a
public PoCs found1
cve_referencewww.exploit-db.com/exploits/6765unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/show/osvdb/49231http://osvdb.org/show/osvdb/49232http://securityreason.com/securityalert/4435https://exchange.xforce.ibmcloud.com/vulnerabilities/45934https://www.exploit-db.com/exploits/6765http://www.securityfocus.com/bid/31781