SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:44
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/29612 - Vendor Advisory | |
References | () http://securityreason.com/securityalert/3792 - | |
References | () http://www.securityfocus.com/archive/1/490305/100/0/threaded - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41544 - |
Information
Published : 2008-04-02 17:44
Updated : 2024-11-21 00:44
NVD link : CVE-2008-1631
Mitre link : CVE-2008-1631
CVE.ORG link : CVE-2008-1631
JSON object : View
Products Affected
emedia_office_gmbh
- cuteflow
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')