Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2692

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2692
Last Modified 14 Apr 2009 01:32:27
Published 13 Jun 2008 03:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2692

Summary

SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.

Vulnerable Systems

Application

  • Joomla Com Yvcomment 1.1

  • Joomla Com Yvcomment 1.10

  • Joomla Com Yvcomment 1.11

  • Joomla Com Yvcomment 1.12

  • Joomla Com Yvcomment 1.13

  • Joomla Com Yvcomment 1.14

  • Joomla Com Yvcomment 1.15

  • Joomla Com Yvcomment 1.16

  • Joomla Com Yvcomment 1.2

  • Joomla Com Yvcomment 1.3

  • Joomla Com Yvcomment 1.4

  • Joomla Com Yvcomment 1.5

  • Joomla Com Yvcomment 1.6

  • Joomla Com Yvcomment 1.7

  • Joomla Com Yvcomment 1.8

  • Joomla Com Yvcomment 1.9


References

XF - yvcomment-index-sql-injection(42920)

BID - 29596

MILW0RM - 5755

SECUNIA - 30567


Last Updated: 27 May 2016 10:47:57