Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1726

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-1726
Last Modified 05 Sep 2008 12:00:00
Published 11 Apr 2008 03:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1726

Summary

Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

Vulnerable Systems

Application

  • Myknowledgequest Knowledgequest 2.6


References

XF - knowledgequest-kqid-username-sql-injection(41746)

BID - 28716

BID - 28713

OSVDB - 44256

OSVDB - 44255

OSVDB - 44254

MILW0RM - 5421

SECUNIA - 29716


Last Updated: 27 May 2016 10:47:38