Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3345

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2008-3345
Last Modified 29 Jan 2009 01:53:06
Published 28 Jul 2008 12:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-3345

Summary

SQL injection vulnerability in staticpages/easyecards/index.php in MyioSoft EasyE-Cards 3.5 trial edition (tr) and 3.10a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the sid parameter in a pickup action.

Vulnerable Systems

Application

  • Myiosoft Easye-cards 3.10

  • Myiosoft Easye-cards 3.5


References

XF - easyecards-sid-sql-injection(43924)

BID - 30328

SREASON - 4049

SECUNIA - 31192

BUGTRAQ - 20080719 Easyecards 310a Multipe Vulerabilities ( Xss / Sql Injection Exploit / File Disclosure Exploit ) By Khashayar Fereidani


Last Updated: 27 May 2016 10:48:10