CVE-2008-4178

Sažetak

SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

Reference

http://packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt
http://packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt
http://packetstormsecurity.org/0809-exploits/newdownline-sql.txt
http://secunia.com/advisories/31812
http://www.securityfocus.com/bid/31169
http://www.vupen.com/english/advisories/2008/2992
http://www.vupen.com/english/advisories/2008/2993
http://www.vupen.com/english/advisories/2008/2994
http://www.vupen.com/english/advisories/2008/2995
https://exchange.xforce.ibmcloud.com/vulnerabilities/45128
https://www.exploit-db.com/exploits/6946
https://www.exploit-db.com/exploits/6947
https://www.exploit-db.com/exploits/6950
https://www.exploit-db.com/exploits/6951

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:32

Objavljeno

23-09-2008 - 15:25