CVE-2008-5586

Description

SQL injection vulnerability in findoffice.php in Check Up New Generation (aka Check New) 4.52, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.

Affected products

• check_up / check_new4.52 – 4.52

References

• EXPLOIThttps://www.exploit-db.com/exploits/7328
• VENDOR_ADVISORYhttp://secunia.com/advisories/32958
• MISChttp://securityreason.com/securityalert/4736
• MISChttp://www.securityfocus.com/bid/32590