Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1219

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1219
Last Modified 05 Sep 2008 05:37:09
Published 10 Mar 2008 01:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1219

Summary

SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the kid parameter in a hadisgoster action to modules.php.

Vulnerable Systems

Application

  • Phpnuke Kutubisitte Component 1.1


References

XF - kutubisitte-kid-sql-injection(41036)

BID - 28126

BUGTRAQ - 20080306 PHP-Nuke KutubiSitte "kid" SQL Injection

MISC - http://www.rbt-4.net/forum/viewthread.php?forum_id=51&thread_id=3058

SECUNIA - 29279

BUGTRAQ - 20080306 PHP-Nuke KutubiSitte "kid" SQL Injection exploit code adding

SREASON - 3722


Last Updated: 27 May 2016 10:47:04