CVE-2008-0538

critical

Description

Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.

References

https://www.exploit-db.com/exploits/4990

https://exchange.xforce.ibmcloud.com/vulnerabilities/39965

http://www.vupen.com/english/advisories/2008/0346

http://www.securityfocus.com/bid/27468

http://www.securityfocus.com/archive/1/487122/100/0/threaded

http://secunia.com/advisories/28656

http://marc.info/?l=full-disclosure&m=120139657100513&w=2

Details

Source: Mitre, NVD

Published: 2008-02-01

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.01023