2 matches found
CVE-2008-3556
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the 1 showmember parameter in a members action and the 2 thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522...
CVE-2008-2522
The CVE-2008-2522 entry concerns SQL injection in members.php of Battle.net Clan Script for PHP 1.5.3 and earlier. When magic_quotes_gpc is disabled, remote attackers can inject SQL through the showmember parameter in a members action. The NVD note specifies a CVSS v2 base score of 6.8 (Network a...