osCommerce Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0719)

Description

SQL injection vulnerability in customer_testimonials.php in the Customer Testimonials 3 and 3.1 Addon for osCommerce Online Merchant 2.2 allows remote attackers to execute arbitrary SQL commands via the testimonial_id parameter.

Remediation

References

CVE-2008-0719

Related Vulnerabilities

Sqlite Integer Overflow or Wraparound Vulnerability (CVE-2025-29087)

WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability (0.6.2 - 2.8.3)

WordPress Plugin WP-DBManager 'wp-config.php' Arbitrary File Download (2.60)

WordPress Plugin VaultPress Man-in-The-Middle (MiTM) Remote Code Execution (1.8.6)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2019-14820)

Severity

High

Classification

CVE-2008-0719 CWE-138