Unrated severityNVD Advisory· Published Mar 10, 2008· Updated Apr 23, 2026

CVE-2008-1272

Description

Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.

Affected products

Bmscripts/Bm Classifieds
cpe:2.3:a:bmscripts:bm_classifieds:*:*:*:*:*:*:*:*
Range: <=20080309

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/29297nvd
www.securityfocus.com/bid/28159nvd
exchange.xforce.ibmcloud.com/vulnerabilities/41066nvd
www.exploit-db.com/exploits/5223nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000