CVE-2008-7091

Critical

Description

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

References

https://www.exploit-db.com/exploits/6173

https://exchange.xforce.ibmcloud.com/vulnerabilities/44193

http://www.securityfocus.com/archive/1/494987/100/0/threaded

http://www.osvdb.org/50198

http://www.osvdb.org/50197

http://www.osvdb.org/50196

http://www.osvdb.org/50195

http://www.osvdb.org/50194

http://www.osvdb.org/50193

http://www.osvdb.org/50192

http://www.osvdb.org/50191

http://www.osvdb.org/50190

http://www.osvdb.org/50189

Details

Source: Mitre, NVD

Published: 2009-08-26

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05536