Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME field in admin_main.asp), and (3) the PassWord parameter to admin_loginCheck.asp (aka the PASSWORD field in admin_main.asp). NOTE: some of these details are obtained from third party information.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-12T19:27:00

Updated: 2024-08-07T11:13:13.432Z

Reserved: 2009-01-12T00:00:00

Link: CVE-2008-5892

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-01-12T20:00:02.517

Modified: 2024-11-21T00:55:08.663

Link: CVE-2008-5892

cve-icon Redhat

No data.