Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0943

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-0943
Last Modified 05 Mar 2009 12:00:00
Published 25 Feb 2008 04:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-0943

Summary

Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.

Vulnerable Systems

Application

  • Aeries Student Information System 3.7.2.2

  • Aeries Student Information System 3.8.2.8


References

XF - abi-fcterm-sql-injection(40757)

BID - 27924

BUGTRAQ - 20080221 aeries browser interface(ABI) 3.7.2.2 Remote SQL Injection

SREASON - 3696

SECUNIA - 29053


Last Updated: 27 May 2016 10:46:58