CVE-2008-1496

Sažetak

Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and (c) the facture action in factures/facture_html.php.

Reference

http://realn.free.fr/releases/70207
http://secunia.com/advisories/29466
http://www.securityfocus.com/bid/28346
https://exchange.xforce.ibmcloud.com/vulnerabilities/41341
https://exchange.xforce.ibmcloud.com/vulnerabilities/41353
https://www.exploit-db.com/exploits/5281

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:30

Objavljeno

25-03-2008 - 19:44