CVE-2008-5075 Information

Description

Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO) when magic_quotes_gpc is disabled allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php (b) file.php (c) mail.php (d) thumb.php (e) zip.php and (f) zipit.php and (2) the view parameter to (g) browser.php.

Reference

http://securityreason.com/securityalert/4596 http://www.securityfocus.com/bid/31445 https://exchange.xforce.ibmcloud.com/vulnerabilities/45487 https://www.exploit-db.com/exploits/6596