Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2753

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2753
Last Modified 14 Apr 2009 01:32:36
Published 18 Jun 2008 06:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2753

Summary

Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) xslIdn parameter to (a) utils/getXsl.aspx, and the (2) part parameter to (b) getXml.aspx and (c) getXls.aspx in utils/.

Vulnerable Systems

Application

  • Paridel Pooya Site Builder 6.0


References

XF - pooyasitebuilder-getxsl-sql-injection(43007)

BID - 29673

MILW0RM - 5788

SECUNIA - 30610

BUGTRAQ - 20080611 Pooya Site Builder (PSB) SQL Injection Vulnerabilities

MISC - http://bugreport.ir/index.php?/42


Last Updated: 27 May 2016 10:47:58