CVE-2008-5632

Active Time Billing 3.2 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Account.asp in Active Time Billing 3.2 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, possibly related to start.asp. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by AlpHaNiX · textwebappsphp

https://www.exploit-db.com/exploits/7301

View Code ZIP pw:eip

exploitdb WORKING POC

webappsasp

https://www.exploit-db.com/exploits/7273

View Code ZIP pw:eip

References (3)

[Vendor Advisory] http://secunia.com/advisories/32895

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/3295

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7301

Scores

EPSS 0.0056

EPSS Percentile 68.3%

Details

CWE

CWE-89

Status published

Products (1)

activewebsoftwares/active_time_billing 3.2

Published Dec 17, 2008

Tracked Since Feb 18, 2026