Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use
References
Configurations
History
25 Sep 2024, 16:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-89 | |
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
07 Nov 2023, 02:00
Type | Values Removed | Values Added |
---|---|---|
Summary | Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a login. NOTE: CVE disputes this vulnerability, since ADMIN_USER/ADMIN_PASS are initialized before use |
Information
Published : 2007-05-09 00:19
Updated : 2024-09-25 16:35
NVD link : CVE-2007-2534
Mitre link : CVE-2007-2534
CVE.ORG link : CVE-2007-2534
JSON object : View
Products Affected
phphoo3
- phphoo3
CWE
NVD-CWE-Other
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')