Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-3591
Last Modified 29 Jan 2009 01:53:55
Published 11 Aug 2008 07:41:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3591

Summary

SQL injection vulnerability in lib/class.admin.php in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary SQL commands via the sym_auth cookie in a /publish/filemanager/ request to index.php.

Vulnerable Systems

Application

  • 21degrees Symphony 1.1

  • 21degrees Symphony 1.5

  • 21degrees Symphony 1.5.05

  • 21degrees Symphony 1.5.06

  • 21degrees Symphony 1.6.02

  • 21degrees Symphony 1.7

  • 21degrees Symphony 1.7.01


References

SECUNIA - 31293

CONFIRM - http://overture21.com/forum/comments.php?DiscussionID=1823

BID - 30477

MILW0RM - 6177

SREASON - 4137


Last Updated: 27 May 2016 10:48:14