CVE-2008-5788

HIGH 7.5 / 10.0
Published: December 31, 2008 at 11:30 AM
Modified: April 9, 2025 at 12:30 AM
Source: cve@mitre.org

Vulnerability Description

SQL injection vulnerability in index.php in Domain Seller Pro 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS Metrics

Base Score: 7.5
Severity: HIGH
Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses (CWE)

Source: nvd@nist.gov

AI Security Analysis

01 // Technical Summary

Domain Seller Pro 1.5 contains a high-severity SQL injection vulnerability: attackers can inject SQL commands through the id parameter in index.php. This can lead to complete compromise of the web application, including unauthorized access to sensitive data and potentially the underlying server.

02 // Vulnerability Mechanism

03 // Deep Technical Analysis

The vulnerability stems from a failure to properly sanitize user-supplied input before incorporating it into a SQL query. Specifically, the id parameter in index.php is concatenated directly into a SQL query without any input validation or escaping. This allows an attacker to inject SQL code, such as UNION SELECT statements or commands that modify or retrieve data from the database. The root cause is the absence of input validation and parameterized queries.
