Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4889

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-4889
Last Modified 26 Feb 2009 02:02:07
Published 03 Nov 2008 07:57:08
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-4889

Summary

SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action.

Vulnerable Systems

Application

  • Dev%21l%27s Clanportal 1.2.5

  • Dev%21l%27s Clanportal 1.3.6

  • Dev%21l%27s Clanportal 1.4.9.6


References

XF - clanportal-users-sql-injection(46268)

VUPEN - ADV-2008-2974

BID - 32049

MILW0RM - 6961

SREASON - 4552

SECUNIA - 32458

OSVDB - 49500


Last Updated: 27 May 2016 10:48:39