CVE-2008-6656 Information

Description

Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to listings.php and (2) the username field to login.php.

Reference

http://freshmeat.net/projects/openauto/releases/277061 http://osvdb.org/50255 http://osvdb.org/50256 http://www.securityfocus.com/bid/29027 https://exchange.xforce.ibmcloud.com/vulnerabilities/42158 https://www.exploit-db.com/exploits/5531