Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2008-3845
Last Modified: 19 Aug 2009 01:18:43
Published: 27 Aug 2008 07:41:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2008-3845

Summary

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

Vulnerable Systems

Application

  • Craftysyntax Crafty Syntax Live Help 1.0

  • Craftysyntax Crafty Syntax Live Help 1.1

  • Craftysyntax Crafty Syntax Live Help 1.2

  • Craftysyntax Crafty Syntax Live Help 1.3

  • Craftysyntax Crafty Syntax Live Help 1.4

  • Craftysyntax Crafty Syntax Live Help 1.5

  • Craftysyntax Crafty Syntax Live Help 1.6

  • Craftysyntax Crafty Syntax Live Help 1.7

  • Craftysyntax Crafty Syntax Live Help 2.0

  • Craftysyntax Crafty Syntax Live Help 2.1

  • Craftysyntax Crafty Syntax Live Help 2.10.0

  • Craftysyntax Crafty Syntax Live Help 2.10.1

  • Craftysyntax Crafty Syntax Live Help 2.10.2

  • Craftysyntax Crafty Syntax Live Help 2.10.3

  • Craftysyntax Crafty Syntax Live Help 2.10.4

  • Craftysyntax Crafty Syntax Live Help 2.10.5

  • Craftysyntax Crafty Syntax Live Help 2.11.0

  • Craftysyntax Crafty Syntax Live Help 2.11.1

  • Craftysyntax Crafty Syntax Live Help 2.11.2

  • Craftysyntax Crafty Syntax Live Help 2.11.3

  • Craftysyntax Crafty Syntax Live Help 2.11.4

  • Craftysyntax Crafty Syntax Live Help 2.11.5

  • Craftysyntax Crafty Syntax Live Help 2.11.6

  • Craftysyntax Crafty Syntax Live Help 2.11.7

  • Craftysyntax Crafty Syntax Live Help 2.12.0

  • Craftysyntax Crafty Syntax Live Help 2.12.1

  • Craftysyntax Crafty Syntax Live Help 2.12.2

  • Craftysyntax Crafty Syntax Live Help 2.12.3

  • Craftysyntax Crafty Syntax Live Help 2.12.4

  • Craftysyntax Crafty Syntax Live Help 2.12.5

  • Craftysyntax Crafty Syntax Live Help 2.12.6

  • Craftysyntax Crafty Syntax Live Help 2.12.7

  • Craftysyntax Crafty Syntax Live Help 2.12.8

  • Craftysyntax Crafty Syntax Live Help 2.12.9

  • Craftysyntax Crafty Syntax Live Help 2.13.0

  • Craftysyntax Crafty Syntax Live Help 2.13.1

  • Craftysyntax Crafty Syntax Live Help 2.14.0

  • Craftysyntax Crafty Syntax Live Help 2.14.1

  • Craftysyntax Crafty Syntax Live Help 2.14.2

  • Craftysyntax Crafty Syntax Live Help 2.14.3

  • Craftysyntax Crafty Syntax Live Help 2.14.4

  • Craftysyntax Crafty Syntax Live Help 2.14.5

  • Craftysyntax Crafty Syntax Live Help 2.14.6


References

CONFIRM - http://security.craftysyntax.com/updates/?v=2.14.6

XF - crafty-syntax-isxmlhttp-sql-injection(44669)

BID - 30825

BUGTRAQ - 20080825 Crafty Syntax Live Help <= 2.14.6 SQL Injection

MILW0RM - 6307

MISC - http://www.gulftech.org/?node=research&article_id=00127-08252008

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=620878

SREASON - 4192

SECUNIA - 31573


Last Updated: 27 May 2016 10:48:19