Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2190

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-2190
Last Modified 03 Jun 2009 01:18:59
Published 14 May 2008 01:20:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-2190

Summary

SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.

Vulnerable Systems

Application

  • Romedchim International Srl Online Rent Property Script 4.2

  • Romedchim International Srl Online Rent Property Script 4.3

  • Romedchim International Srl Online Rent Property Script 4.4

  • Romedchim International Srl Online Rent Property Script 4.5


References

XF - onlinerental-index-sql-injection(42191)

VUPEN - ADV-2009-1366

BID - 35005

BID - 29052

BUGTRAQ - 20080508 Re: [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability

BUGTRAQ - 20080505 [ECHO_ADV_91$2008] Online Rental Property Script <= 4.5 (pid) Blind Sql Injection Vulnerability

MILW0RM - 8711

MILW0RM - 5542

SREASON - 3875

SECUNIA - 35147

SECUNIA - 30090


Last Updated: 27 May 2016 10:47:47