cpe:/a:icash:click%26rank:_nil_ CVE-2008-5888 2009-01-12T15:00:02.437-05:00 2017-09-28T21:32:51.807-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-01-12T16:21:00.000-05:00 ALLOWS_OTHER_ACCESS BID 32854 SECUNIA 33154 SREASON 4902 EXPLOIT-DB 7486 Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information.