Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2562

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-2562
Last Modified 10 Sep 2008 09:10:51
Published 06 Jun 2008 02:32:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-2562

Summary

SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the css_str parameter in an edit action.

Vulnerable Systems

Application

  • Powerphlogger 2.0.9

  • Powerphlogger 2.2.1

  • Powerphlogger 2.2.2a

  • Powerphlogger 2.2.5


References

MILW0RM - 5744

XF - powerphlogger-edcss-sql-injection(42870)

BID - 29566

SECUNIA - 30423


Last Updated: 27 May 2016 10:47:54