CVE-2008-4889 Information

Description

SQL injection vulnerability in index.php in deV!L’z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.

Reference

http://osvdb.org/49500 http://secunia.com/advisories/32458 http://securityreason.com/securityalert/4552 http://www.securityfocus.com/bid/32049 http://www.vupen.com/english/advisories/2008/2974 https://exchange.xforce.ibmcloud.com/vulnerabilities/46268 https://www.exploit-db.com/exploits/6961