CVE-2008-4887

SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a 1 profile page profile.php or 2 game page game.php. NOTE: some of these details are obtained from third party information...

Sql injection

SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a 1 profile page profile.php or 2 game page game.php. NOTE: some of these details are obtained from third party information...

netrisk2-sqlxss.txt

----------------------------------------------------------------- NetRisk javascript Remote SQL Injection index.php?p=profile&id=1+union+all+select+0,0,concatlogin,0x3a,password,0,0,0,0,0,0,0,0,0,0,0,0+from+netriskusers+where+id=1/...

CVE-2008-4887

The CVE-2008-4887 entry describes a SQL injection vulnerability in NetRisk 2.0 and earlier. Affected component is index.php handling requests where the id parameter (in profile.php or game.php) enables an attacker to manipulate SQL queries, potentially allowing remote execution of arbitrary SQL c...

CVE-2008-4888

CVE-2008-4888 is an XSS vulnerability in NetRisk 2.0 and earlier, exploitable via error parameter to index.php in error.php. Affected: NetRisk 2.0 and earlier. Impact: script/HTML injections in responses. Root cause: unvalidated error parameter leading to reflected HTML/JS. Public remediation det...

CVE-2008-4887

SQL injection vulnerability in index.php in NetRisk 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter in a 1 profile page profile.php or 2 game page game.php. NOTE: some of these details are obtained from third party information...