2 matches found
CVE-2008-5582
CVE-2008-5582: SQL injection in Nukedit 4.9.x (and possibly earlier) in utilities/login.asp via the email parameter. The ASP script does not sanitize input before using it in a database query, enabling unauthenticated remote attackers to manipulate queries and potentially disclose or modify data....
Nukedit utilities/login.asp email Parameter SQL Injection
The remote host is running Nukedit, a content management system written in ASP. The version of Nukedit installed on the remote host fails to sanitize user input to the 'email' parameter of the 'utilities/login.asp' script before using it in a database query. An unauthenticated attacker may be abl...