Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3374
Last Modified 10 Sep 2008 09:12:32
Published 30 Jul 2008 01:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3374

Summary

SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.

Vulnerable Systems

Application

  • Gregarius 0.2.4

  • Gregarius 0.3.0

  • Gregarius 0.3.2

  • Gregarius 0.3.4

  • Gregarius 0.3.6

  • Gregarius 0.3.8

  • Gregarius 0.4.0

  • Gregarius 0.4.2

  • Gregarius 0.5.0

  • Gregarius 0.5.2

  • Gregarius 0.5.4


References

XF - gregarius-ajax-sql-injection(44054)

BID - 30423

BUGTRAQ - 20080729 Gregarius <= 0.5.4 SQL Injection

MILW0RM - 6159

MISC - http://www.gulftech.org/?node=research&article_id=00119-07302008

CONFIRM - http://svn.gregarius.net/trac/changeset/1788/trunk/gregarius/ajax.php

SECUNIA - 31260


Last Updated: 27 May 2016 10:48:10