Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3491

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-3491
Last Modified 18 Mar 2009 01:40:34
Published 06 Aug 2008 01:41:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3491

Summary

SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.

Vulnerable Systems

Application

  • Scripts24 Ipost 1.0.1

  • Scripts24 Itgp 1.0.4


References

XF - ipost-go-sql-injection(44176)

XF - itgp-go-sql-injection(44175)

BID - 30505

BID - 30504

MILW0RM - 6186

MILW0RM - 6185

SREASON - 4117

SECUNIA - 31345

SECUNIA - 31344

OSVDB - 47333


Last Updated: 27 May 2016 10:48:12