CVE-2008-3212

Scripteen Free Image Hosting Script 1.2.1 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting Script 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/login.php, or the (3) uname or (4) pass parameter to login.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED
by RMx · phpwebappsphp
https://www.exploit-db.com/exploits/6070

References (3)

Scores

EPSS 0.0023
EPSS Percentile 46.2%

Details

CWE
CWE-89
Status published
Products (1)
scripteen/free_image_hosting_script 1.2.1
Published Jul 18, 2008
Tracked Since Feb 18, 2026