SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm allows remote attackers to execute arbitrary SQL commands via the (1) txtusername parameter (aka username field) or the (2) txtpassword parameter (aka password field). NOTE: some of these details are obtained from third party information.
References
Configurations
History
No history.
Information
Published : 2008-12-16 19:07
Updated : 2024-02-28 11:21
NVD link : CVE-2008-5589
Mitre link : CVE-2008-5589
CVE.ORG link : CVE-2008-5589
JSON object : View
Products Affected
katywhitton
- rankem
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')