CVE-2008-3133

UNRATEDInjection

Description

SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the password parameter.

Affected products

barenuked / barenuked_cms1.1.0 – 1.1.0

References

EXPLOIThttps://www.exploit-db.com/exploits/5971
VENDOR_ADVISORYhttp://secunia.com/advisories/30887
MISChttp://www.securityfocus.com/bid/30011
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43471