CVE-2008-0538

Sažetak

Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.

Reference

http://marc.info/?l=full-disclosure&m=120139657100513&w=2
http://secunia.com/advisories/28656
http://www.securityfocus.com/archive/1/487122/100/0/threaded
http://www.securityfocus.com/bid/27468
http://www.vupen.com/english/advisories/2008/0346
https://exchange.xforce.ibmcloud.com/vulnerabilities/39965
https://www.exploit-db.com/exploits/4990

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

15-10-2018 - 22:01

Objavljeno

01-02-2008 - 20:00