CVE-2008-3861

Sažetak

Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in pages.php and (2) the price_max parameter in search.php.

Reference

http://secunia.com/advisories/31613
http://securityreason.com/securityalert/4198
http://www.securityfocus.com/bid/30862
https://exchange.xforce.ibmcloud.com/vulnerabilities/44720
https://www.exploit-db.com/exploits/6320

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:31

Objavljeno

29-08-2008 - 16:41