CVE-2008-6081

The CVE-2008-6081 entry describes an SQL injection vulnerability in Simple Customer 1.2, specifically in contact.php, where the id parameter can be manipulated by an attacker to execute arbitrary SQL commands. Affects Simple Customer 1.2 (contact.php) with user-controlled id input; impact per NVD...

CVE-2008-6326

Summary (CVE-2008-6326): A SQL injection flaw exists in login.php of the Simple Customer software, allowing remote attackers to inject arbitrary SQL via the email parameter. This is the root cause: unsanitized user input in a login routine leading to command execution against the database. Impact...

CVE-2008-6332

CVE-2008-6332 describes an SQL injection in login.php of Simple Customer 1.2. The vulnerability allows remote attackers to submit a crafted password parameter and execute arbitrary SQL commands, impacting authentication processes and data integrity. The entry notes a high overall severity (CVSS v...

CVE-2009-1637

The CVE-2009-1637 entry concerns profile.php in Simple Customer 1.3, where administrative authentication is not required. This allows remote attackers to modify the admin email address and password by passing email and password parameters. The NVD data lists a CVSS v2 base score of 6.4 (Network a...