CVE-2008-1349

Sažetak

SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Reference

http://packetstormsecurity.org/0804-exploits/runcms11a-sql.txt
http://secunia.com/advisories/29359
http://secunia.com/advisories/29362
http://www.securityfocus.com/bid/28229
https://exchange.xforce.ibmcloud.com/vulnerabilities/41188
https://www.exploit-db.com/exploits/5244
https://www.exploit-db.com/exploits/5340

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:30

Objavljeno

17-03-2008 - 16:44