CVE-2008-5191

EPSS 17.6%

Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.

Affected products

n/a · n/a

public PoCs found — 3

exploitdbwww.exploit-db.com/exploits/32359unverified exploitdbwww.exploit-db.com/exploits/32621unverified cve_referencewww.exploit-db.com/exploits/5960unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/30865 http://securityreason.com/securityalert/4623 https://exchange.xforce.ibmcloud.com/vulnerabilities/43450 https://www.exploit-db.com/exploits/5960 http://www.securityfocus.com/bid/29996 http://www.securityfocus.com/bid/66315