VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 6, 2008· Updated Apr 23, 2026

CVE-2008-2562

CVE-2008-2562

Description

SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.

Affected products

4
  • Powerphlogger/Powerphlogger4 versions
    cpe:2.3:a:powerphlogger:powerphlogger:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:powerphlogger:powerphlogger:*:*:*:*:*:*:*:*range: <=2.2.5
    • cpe:2.3:a:powerphlogger:powerphlogger:2.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:powerphlogger:powerphlogger:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:powerphlogger:powerphlogger:2.2.2a:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.