CVE-2008-4043

Description

Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.

Affected products

• aj_square / aj_hyipacme – acme

References

• MISChttp://securityreason.com/securityalert/4240
• MISChttp://www.securityfocus.com/bid/30974
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/44803
• EXPLOIThttps://www.exploit-db.com/exploits/6350