CVE-2008-6220

Description

SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the pass parameter.

Affected products

• cafuego / simple_document_management_system1.1.4 – 1.1.4
• cafuego / simple_document_management_system1.1.5 – 1.1.5

References

• MISChttp://www.securityfocus.com/bid/32114
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/46342
• VENDOR_ADVISORYhttp://secunia.com/advisories/32502
• EXPLOIThttps://www.exploit-db.com/exploits/6987