Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0385

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0385
Last Modified 05 Sep 2008 05:34:55
Published 29 Feb 2008 02:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0385

Summary

SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO.

Vulnerable Systems

Application

  • Urulu 2.1


References

BID - 28032

BUGTRAQ - 20080228 Urulu 2.1 Blind SQL Injection Vulnerability (CVE-2008-0385)

MISC - http://www.csnc.ch/misc/files/advisories/CVE-2008-0385.txt

SREASON - 3707

SECUNIA - 29162


Last Updated: 27 May 2016 10:46:47