Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-4157
Last Modified 23 Mar 2015 09:59:07
Published 22 Sep 2008 02:34:15
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4157

Summary

SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.

Vulnerable Systems

Application

  • Vastal I-tech Phpvid 1.1

  • Vastal Phpvid 1.1


References

XF - phpvid-groups-sql-injection(45028)

VUPEN - ADV-2008-2552

BID - 31108

MILW0RM - 6422

SREASON - 4291

SECUNIA - 31761

EXPLOIT-DB - 27519

MISC - http://packetstormsecurity.com/files/122746/PHP-VID-XSS-SQL-Injection-CRLF-Injection.html

OSVDB - 48018

MISC - http://tetraph.com/security/sql-injection-vulnerability/vastal-i-tech-phpvid-1-2-3-sql-injection-security-vulnerabilities/

FULLDISC - 20150310 Vastal I-tech phpVID 1.2.3 SQL Injection Security Vulnerabilities

MISC - http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injection.html


Last Updated: 27 May 2016 11:08:09