Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2890

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2890
Last Modified 14 Apr 2009 01:32:55
Published 27 Jun 2008 02:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2890

Summary

Multiple SQL injection vulnerabilities in Online Fantasy Football League (OFFL) 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fflteam_id parameter to teams.php, the (2) league_id parameter to leagues.php, and the (3) player_id parameter to players.php.

Vulnerable Systems

Application

  • Offl Online Fantasy Football League 0.2.6


References

XF - offl-teams-sql-injection(43259)

BID - 29861

SREASON - 3960

SECUNIA - 30795

MILW0RM - 5889


Last Updated: 27 May 2016 10:48:01