Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2446


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2446
Last Modified 05 Sep 2008 12:00:00
Published 27 May 2008 10:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php.

Vulnerable Systems


  • Wgcc Web Group Communication Center 1.0.3 Prerelease1


XF - wgcc-multiple-sql-injection(42385)

BID - 29188

MILW0RM - 5606

SECUNIA - 30235

Last Updated: 27 May 2016 10:47:52