CVE-2011-2944

Megalab The Uploader < 2.0.4 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in login.php in MegaLab The Uploader before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WORKING POC

by Danny Moules · rubywebappsphp

https://www.exploit-db.com/exploits/18518

View Code ZIP pw:eip

References (7)

[Exploit] http://www.securityfocus.com/bid/52156

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/73471

[Exploit] http://packetstormsecurity.org/files/110166/The-Uploader-2.0.4-Eng-Ita-Remote-File-Upload.html

[Third Party Advisory, VDB Entry] http://osvdb.org/79508

[Third Party Advisory] http://secunia.com/advisories/48141

[Patch, Vendor Advisory] http://sourceforge.net/p/theuploader/news/2011/07/the-uploader-205-released

[Exploit] http://www.exploit-db.com/exploits/18518

Scores

EPSS 0.0583

EPSS Percentile 90.6%

Details

CWE

CWE-89

Status published

Products (1)

megalab/the_uploader < 2.0.4

Published Aug 12, 2014

Tracked Since Feb 18, 2026