Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2774

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2774
Last Modified 07 Mar 2011 10:09:44
Published 19 Jun 2008 04:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2774

Summary

SQL injection vulnerability in item.php in CartKeeper CKGold Shopping Cart 2.5 and 2.7 allows remote attackers to execute arbitrary SQL commands via the category_id parameter, a different vector than CVE-2007-4736.

Vulnerable Systems

Application

  • Cartkeeper Ckgold Shopping Cart 2.5

  • Cartkeeper Ckgold Shopping Cart 2.7


References

XF - ckgold-item-sql-injection(42646)

VUPEN - ADV-2008-1677

MILW0RM - 5678

SECUNIA - 30392


Last Updated: 27 May 2016 10:47:58