Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2862

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2862
Last Modified 14 Apr 2009 01:32:51
Published 25 Jun 2008 08:36:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2862

Summary

Multiple SQL injection vulnerabilities in eLineStudio Site Composer (ESC) 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to ansFAQ.asp and the (2) template_id parameter to preview.asp.

Vulnerable Systems

Application

  • Elinestudio Site Composer 2.6


References

XF - esc-ansfaq-preview-sql-injection(43190)

BID - 29812

BUGTRAQ - 20080619 eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities

MILW0RM - 5859

MISC - http://www.bugreport.ir/?/45

SREASON - 3957

SECUNIA - 30762

OSVDB - 46461


Last Updated: 27 May 2016 10:48:00