CVE-2008-6369

Ocean12tech Contact Manager Pro - SQL Injection

Title source: rule

Description

SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Pouya_Server · textwebappsphp

https://www.exploit-db.com/exploits/7244

View Code ZIP pw:eip

References (5)

[Exploit] http://osvdb.org/50316

[Vendor Advisory] http://secunia.com/advisories/32903

[Exploit] http://www.securityfocus.com/bid/32502

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/46961

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7244

Scores

EPSS 0.0040

EPSS Percentile 60.1%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

ocean12tech/contact_manager_pro

Timeline

Published Mar 02, 2009

Tracked Since Feb 18, 2026