CVE-2008-4303

Published: Dec 23, 2008Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and earlier allow remote attackers to execute arbitrary SQL commands via the loginForm parameter to general/login.php, and unspecified other vectors.

Affected (4)

Products: Php Collab: Php Collab

Php Collab

1 product

Php Collab

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Php Collab Php Collab	Up to 2.5
Php Collab Php Collab	Version 2.2
Php Collab Php Collab	Version 2.3
Php Collab Php Collab	Version 2.4

Related CWEs

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

References (12)

http://bugs.gentoo.org/show_bug.cgi?id=235052

Source: secalert@redhat.com

http://secunia.com/advisories/19449

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/33258

Source: secalert@redhat.com

Vendor Advisory

http://security.gentoo.org/glsa/glsa-200812-20.xml

Source: secalert@redhat.com

http://www.securityfocus.com/bid/32964

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/47520

Source: secalert@redhat.com

http://bugs.gentoo.org/show_bug.cgi?id=235052