3 matches found
SePortal SQLi Remote Code Execution
This module exploits a vulnerability found in SePortal version 2.5. When logging in as any non-admin user, it's possible to retrieve the admin session from the database through SQL injection. The SQL injection vulnerability exists in the "staticpages.php" page. This hash can be used to take over...
CVE-2008-5191
CVE-2008-5191 is a SQL injection vulnerability in SePortal. The public descriptions show affected versions include SePortal 2.4 (and references to 2.5). The issue allows remote attackers to trigger arbitrary SQL commands via the poll_id parameter to poll.php and the sp_id parameter to staticpages...
CVE-2008-5191
creationtimestamp| type| source ---|---|--- 2008-06-27 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/5960 2014-03-19 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32359 2014-03-31 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/32621 2018-05-29...