Description
Multiple SQL injection vulnerabilities in index.php in FamilyProject 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the logmbr parameter (aka login field) or (2) the mdpmbr parameter (aka pass or "Mot de passe" field). NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by The_5p3ctrum · textwebappsphp
https://www.exploit-db.com/exploits/7248
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46929
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32900
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/32501
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/50314
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/7248
Scores
EPSS
0.0049
EPSS Percentile
65.8%
Details
CWE
CWE-89
Status
published
Products (1)
mjcreation/familyproject
2.0
Published
Feb 25, 2009
Tracked Since
Feb 18, 2026