Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2446

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2446
Last Modified 05 Sep 2008 12:00:00
Published 27 May 2008 10:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2446

Summary

Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php.

Vulnerable Systems

Application

  • Wgcc Web Group Communication Center 1.0.3 Prerelease1


References

XF - wgcc-multiple-sql-injection(42385)

BID - 29188

MILW0RM - 5606

SECUNIA - 30235


Last Updated: 27 May 2016 10:47:52