Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1895

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-1895
Last Modified 05 Sep 2008 12:00:00
Published 18 Apr 2008 06:05:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1895

Summary

Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.

Vulnerable Systems

Application

  • Carboncommunities Carbon Communities 1.0

  • Carboncommunities Carbon Communities 1.1

  • Carboncommunities Carbon Communities 2.1

  • Carboncommunities Carbon Communities 2.2

  • Carboncommunities Carbon Communities 2.3

  • Carboncommunities Carbon Communities 2.4


References

XF - carboncommunities-id-sql-injection(41845)

BID - 28806

BUGTRAQ - 20080416 Carbon Communities forum Multiple Vulnerabilities.

MILW0RM - 5456

SECUNIA - 29827

MISC - http://bugreport.ir/index.php?/35/exploit

MISC - http://bugreport.ir/index.php?/35


Last Updated: 27 May 2016 10:47:41