CVE-2008-3762 Information

Description

SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter related to lack of input sanitization in the get function in global.php.

Reference

http://secunia.com/advisories/31521 http://securityreason.com/securityalert/4178 http://www.gulftech.org/?node=research&article_id=00124-08162008 http://www.securityfocus.com/archive/1/495542/100/0/threaded http://www.securityfocus.com/bid/30729 https://exchange.xforce.ibmcloud.com/vulnerabilities/44568 https://www.exploit-db.com/exploits/6261