CVE-2008-1726

Sažetak

Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

Reference

http://secunia.com/advisories/29716
http://www.osvdb.org/44254
http://www.osvdb.org/44255
http://www.osvdb.org/44256
http://www.securityfocus.com/bid/28713
http://www.securityfocus.com/bid/28716
https://exchange.xforce.ibmcloud.com/vulnerabilities/41746
https://www.exploit-db.com/exploits/5421

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:30

Objavljeno

11-04-2008 - 19:05