Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3563
Last Modified 22 Oct 2012 12:00:00
Published 10 Aug 2008 04:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3563

Summary

Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.

Vulnerable Systems

Application

  • Plogger 1.0

  • Plogger 2.0

  • Plogger 2.1

  • Plogger 3.0


References

XF - plogger-plogdownload-sql-injection(44233)

BID - 30547

BUGTRAQ - 20080805 Plogger <= 3.0 SQL Injection

MILW0RM - 6204

MISC - http://www.gulftech.org/?node=research&article_id=00121-08042008

SREASON - 4121

CONFIRM - http://dev.plogger.org/changeset/569


Last Updated: 27 May 2016 10:53:40