Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6204

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6204
Last Modified 07 Mar 2011 10:15:53
Published 19 Feb 2009 08:30:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6204

Summary

Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to secure/admin/guncelle.asp, (2) kulad and sifre parameters to secure/admin/giris.asp, and (3) username and password to secure/admin/default.asp.

Vulnerable Systems

Application

  • Supernet Shop 1.0


References

XF - supernetshop-guncelle-giris-sql-injection(41727)

VUPEN - ADV-2008-1161

BID - 28709

MILW0RM - 5409


Last Updated: 27 May 2016 10:49:06