CVE-2008-5751

AlstraSoft Web Email Script Enterprise - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in AlstraSoft Web Email Script Enterprise (ESE) allows remote attackers to execute arbitrary SQL commands via the id parameter in a directory action.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/15335

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Bgh7 · textwebappsphp

https://www.exploit-db.com/exploits/7596

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4824

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/33033

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7596

Scores

EPSS 0.0045

EPSS Percentile 63.8%

Details

CWE

CWE-89

Status published

Products (1)

alstrasoft/web_email_script_enterprise _nil_

Published Dec 30, 2008

Tracked Since Feb 18, 2026