Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Published : 2010-02-11 17:30 Updated : 2017-08-17 01:32

CVSS Score: 7.5 / 10

| Vendor | Product | Version | URI |
|---|---|---|---|
| Baalsystems | Baal Systems | 3.8 | cpe:/a:baalsystems:baal_systems:3.8 |
| Baalsystems | Baal Systems | 3.7 | cpe:/a:baalsystems:baal_systems:3.7 |
| Baalsystems | Baal Systems | 3.6 | cpe:/a:baalsystems:baal_systems:3.6 |

| ID | Name | Description |
|---|---|---|
| CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. |

History of changes

Date Event
2017-08-17 06:20
2010-02-11 17:30