CVE-2008-4345 – WebPortal CMS 0.7.4 - 'download.php' SQL Injection

https://notcve.org/view.php?id=CVE-2008-4345

SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the aid parameter. Vulnerabilidad de inyección SQL en download.php en WebPortal CMS v0.7.4 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elección a través de una el parámetro "aid". • https://www.exploit-db.com/exploits/6443 http://secunia.com/advisories/31784 http://www.securityfocus.com/bid/31156 http://www.vupen.com/english/advisories/2008/2560 https://exchange.xforce.ibmcloud.com/vulnerabilities/45113 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •