Sql injection

2009-12-0419:30:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.5%

JSON

Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php in Arab Portal 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.

CPENameOperatorVersion
arab_portaleq2.2

CPE	Name	Operator	Version
	arab_portal	eq	2.2

References

osvdb.org/54811

secunia.com/advisories/35257

www.securityfocus.com/bid/35149

exchange.xforce.ibmcloud.com/vulnerabilities/50859

www.exploit-db.com/exploits/8828