CVE-2008-5069: SQL Injection
First published: Fri Nov 14 2008(Updated: )
SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MySQL |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2008-5069?
CVE-2008-5069 is considered to have a medium severity due to its potential for SQL injection leading to arbitrary SQL command execution.
How do I fix CVE-2008-5069?
To fix CVE-2008-5069, ensure that magic_quotes_gpc is enabled and apply input validation or use prepared statements to mitigate SQL injection risks.
What is CVE-2008-5069?
CVE-2008-5069 is an SQL injection vulnerability in the go.php script of Panuwat PromoteWeb MySQL that allows remote attackers to execute arbitrary SQL commands via the id parameter.
Which software is affected by CVE-2008-5069?
CVE-2008-5069 affects Panuwat PromoteWeb MySQL when the magic_quotes_gpc setting is disabled.
Who can exploit CVE-2008-5069?
Remote attackers can exploit CVE-2008-5069 if the software is misconfigured to allow SQL injection through unvalidated user inputs.
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/deeserver
- canonical/mysql