Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3302

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-3302
Last Modified 29 Jan 2009 01:52:56
Published 25 Jul 2008 09:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-3302

Summary

SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, when magic_quotes_gpc is disabled, allows remote authenticated administrators to execute arbitrary SQL commands via the num parameter.

Vulnerable Systems

Application

  • Tuxplanet Bilboblog 0.2.1


References

XF - bilboblog-delete-sql-injection(43765)

MILW0RM - 6073

SREASON - 4036

SECUNIA - 31054


Last Updated: 27 May 2016 10:48:09