Vulnonym.org

CVE-2008-2190 - Teratoid Excess

Description

SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.

Reference

http://advisories.echo.or.id/adv/adv91-K-159-2008.txt http://www.securityfocus.com/bid/29052 http://secunia.com/advisories/30090 http://securityreason.com/securityalert/3875 http://www.securityfocus.com/bid/35005 http://secunia.com/advisories/35147 http://www.vupen.com/english/advisories/2009/1366 https://exchange.xforce.ibmcloud.com/vulnerabilities/42191 https://www.exploit-db.com/exploits/8711 https://www.exploit-db.com/exploits/5542 http://www.securityfocus.com/archive/1/491816/100/0/threaded http://www.securityfocus.com/archive/1/491607/100/0/threaded