Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-3762
Last Modified: 29 Jan 2009 01:54:21
Published: 21 Aug 2008 01:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3762

Summary

SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.

Vulnerable Systems

Application

  • Turnkeywebtools Php Live Helper 2.0

  • Turnkeywebtools Php Live Helper 2.0.1


References

XF - phplivehelper-dep-sql-injection(44568)

BID - 30729

BUGTRAQ - 20080816 PHP Live Helper <= 2.0.1 Multiple Vulnerabilities

MILW0RM - 6261

MISC - http://www.gulftech.org/?node=research&article_id=00124-08162008

SREASON - 4178

SECUNIA - 31521


Last Updated: 27 May 2016 10:48:18