Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1272

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1272
Last Modified 05 Sep 2008 05:37:18
Published 10 Mar 2008 07:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1272

Summary

Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.

Vulnerable Systems

Application

  • Bmscripts Bm Classifieds 20080309


References

MILW0RM - 5223

SECUNIA - 29297

XF - bmclassifieds-showad-sql-injection(41066)

BID - 28159


Last Updated: 27 May 2016 10:47:05