Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2231

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2231
Last Modified 10 Feb 2009 01:48:33
Published 05 Jun 2008 04:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2231

Summary

SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.

Vulnerable Systems

Application

  • Slashcode.com Slash R 2 5 0 94


References

XF - slash-id-sql-injection(42880)

CONFIRM - http://www.slashcode.com/article.pl?sid=08/01/07/2314232

CONFIRM - http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4

SECTRACK - 1020206

BID - 29548

DEBIAN - DSA-1633

CONFIRM - http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225

SREASON - 3923

SECUNIA - 31691

SECUNIA - 30551

MLIST - [oss-security] 20080604 Re: CVE id request: slash

MLIST - [oss-security] 20080604 CVE id request: slash

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484499


Last Updated: 27 May 2016 10:47:48