SQL injection vulnerability in index.php in Vacation Rental Script 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sections action.

Published : 2008-08-12 19:41 Updated : 2017-09-29 01:31

CVSS Score More info
Score 7.5 / 10
Vendor Product Version URI
Vacation Rentals Vacation Rental Script 3.0 cpe:/a:vacation_rentals:vacation_rental_script:3.0
  1. Vacation Rentals (1) Search CVE
    1. Vacation Rental Script (1) Search CVE
      1. 3.0


ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes