CVE-2008-5958

Sažetak

Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote attackers to execute arbitrary SQL commands via the QuizID parameter to (1) questions.asp, (2) importquestions.asp, and (3) quiztakers.asp.

Reference

http://osvdb.org/50405
http://osvdb.org/50406
http://osvdb.org/50407
http://secunia.com/advisories/32902
http://www.securityfocus.com/bid/32547
http://www.vupen.com/english/advisories/2008/3299
https://exchange.xforce.ibmcloud.com/vulnerabilities/46919
https://www.exploit-db.com/exploits/7295

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:32

Objavljeno

23-01-2009 - 19:00