CVE-2008-1496 Information

Description

Multiple SQL injection vulnerabilities in PEEL possibly 3.x and earlier allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.

Reference

http://realn.free.fr/releases/70207 http://secunia.com/advisories/29466 http://www.securityfocus.com/bid/28346 https://exchange.xforce.ibmcloud.com/vulnerabilities/41341 https://exchange.xforce.ibmcloud.com/vulnerabilities/41353 https://www.exploit-db.com/exploits/5281