Vulnerabilities > CVE-2008-2279 - Credentials Management vulnerability in Freelance Auction Freelance Auction Script 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Freelance Auction Script 1.0 stores user passwords in plaintext in the tbl_users table, which allows attackers to gain privileges by reading the table.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description | Freelance Auction Script 1.0 (browseproject.php) SQL Injection Vuln. CVE-2008-2278,CVE-2008-2279. Webapps exploit for php platform |
file | exploits/php/webapps/5613.txt |
id | EDB-ID:5613 |
last seen | 2016-01-31 |
modified | 2008-05-14 |
platform | php |
port | |
published | 2008-05-14 |
reporter | t0pP8uZz |
source | https://www.exploit-db.com/download/5613/ |
title | Freelance Auction Script 1.0 browseproject.php SQL Injection Vuln |
type | webapps |