CVE-2008-4889

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
04/11/2008
Last modified:
21/11/2024

Description

SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:dev\!l\'s:clanportal:*:*:*:*:*:*:*:* 1.4.9.6 (including)
cpe:2.3:a:dev\!l\'s:clanportal:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:dev\!l\'s:clanportal:1.3.6:*:*:*:*:*:*:*