SQL injection vulnerability in page.php in FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Vulnerability category: Sql Injection
Exploit prediction scoring system (EPSS) score for CVE-2008-0328
Probability of exploitation activity in the next 30 days: 0.11%
CVSS scores for CVE-2008-0328
CWE ids for CVE-2008-0328
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.Assigned by: firstname.lastname@example.org (Primary)