Unrated severityNVD Advisory· Published Nov 14, 2008· Updated Apr 23, 2026

CVE-2008-5075

Description

Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka Uploader PRO), when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) img.php, (b) file.php, (c) mail.php, (d) thumb.php, (e) zip.php, and (f) zipit.php, and (2) the view parameter to (g) browser.php.

Affected products

Scriptsfrenzy/E Uploader Pro
cpe:2.3:a:scriptsfrenzy:e-uploader_pro:1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/31445nvdExploit
securityreason.com/securityalert/4596nvd
exchange.xforce.ibmcloud.com/vulnerabilities/45487nvd
www.exploit-db.com/exploits/6596nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000