Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2902


Vulnerability Score 7.5 7.5
CVE Id CVE-2008-2902
Last Modified 08 Apr 2009 01:27:12
Published 30 Jun 2008 02:24:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The que_id parameter to forum_answer.php is already covered by CVE-2007-4085.

Vulnerable Systems


  • Alstrasoft Askme Pro 2.1


XF - askmepro-profile-sql-injection(43106)

BID - 29732

MILW0RM - 5821

SECUNIA - 30672

Last Updated: 27 May 2016 10:48:01