Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2843

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2843
Last Modified 05 Sep 2008 05:41:23
Published 25 Jun 2008 08:36:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2843

Summary

Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.

Vulnerable Systems

Application

  • Doitlive Cms 2.50


References

XF - doitlive-licence-sql-injection(43163)

XF - doitlive-default-sql-injection(43161)

BID - 29789

MILW0RM - 5849

MISC - http://www.bugreport.ir/?/43

SECUNIA - 30705


Last Updated: 27 May 2016 10:48:00