RSS   Vulnerabilities for 'E-uploader pro'   RSS

2008-11-14
 
CVE-2008-5075

CWE-89
 

 
Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.

 

 >>> Vendor: Scriptsfrenzy 2 Products
Article publisher pro
E-uploader pro


Copyright 2024, cxsecurity.com

 

Back to Top