Unrated severityNVD Advisory· Published Aug 26, 2009· Updated Apr 23, 2026

CVE-2008-7091

Description

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

Affected products

Pligg/Pligg CMS3 versions
cpe:2.3:a:pligg:pligg_cms:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:pligg:pligg_cms:*:*:*:*:*:*:*:*range: <=9.9.0
- cpe:2.3:a:pligg:pligg_cms:9.5:*:*:*:*:*:*:*
- cpe:2.3:a:pligg:pligg_cms:9.9.0:beta:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.gulftech.orgnvdExploit
www.securityfocus.com/bid/30458nvdExploit
www.osvdb.org/50189nvd
www.osvdb.org/50190nvd
www.osvdb.org/50191nvd
www.osvdb.org/50192nvd
www.osvdb.org/50193nvd
www.osvdb.org/50194nvd
www.osvdb.org/50195nvd
www.osvdb.org/50196nvd
www.osvdb.org/50197nvd
www.osvdb.org/50198nvd
www.securityfocus.com/archive/1/494987/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/44193nvd
www.exploit-db.com/exploits/6173nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000