Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1464

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1464
Last Modified 26 Jul 2011 12:00:00
Published 24 Mar 2008 05:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1464

Summary

Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) query parameter to (a) search.php; (2) gusername and (3) gpassword parameters to (b) login.php; and the (4) username and (5) password parameters to (c) gadmin/index.php in a signin action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Vulnerable Systems

Application

  • Gallarific 1.1


References

SECUNIA - 29399


Last Updated: 27 May 2016 10:47:08