CVE-2008-5131

critical

Description

Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).

References

https://www.exploit-db.com/exploits/7014

https://exchange.xforce.ibmcloud.com/vulnerabilities/46397

http://www.securityfocus.com/bid/32144

http://securityreason.com/securityalert/4607

http://secunia.com/advisories/32595

Details

Source: Mitre, NVD

Published: 2008-11-18

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00195