CVE-2008-2190 Information

Description

SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.

Reference

http://advisories.echo.or.id/adv/adv91-K-159-2008.txt http://secunia.com/advisories/30090 http://secunia.com/advisories/35147 http://securityreason.com/securityalert/3875 http://www.securityfocus.com/archive/1/491607/100/0/threaded http://www.securityfocus.com/archive/1/491816/100/0/threaded http://www.securityfocus.com/bid/29052 http://www.securityfocus.com/bid/35005 http://www.vupen.com/english/advisories/2009/1366 https://exchange.xforce.ibmcloud.com/vulnerabilities/42191 https://www.exploit-db.com/exploits/5542 https://www.exploit-db.com/exploits/8711