Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6266

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6266
Last Modified 25 Feb 2009 12:00:00
Published 25 Feb 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6266

Summary

SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.

Vulnerable Systems

Application

  • Appstate Phpwebsite 0.7.3

  • Appstate Phpwebsite 0.8.2

  • Appstate Phpwebsite 0.8.3

  • Appstate Phpwebsite 0.9.3

  • Appstate Phpwebsite 0.9.3-1

  • Appstate Phpwebsite 0.9.3-2

  • Appstate Phpwebsite 0.9.3-3

  • Appstate Phpwebsite 0.9.3-4


References

XF - phpwebsite-links-sql-injection(46298)

BID - 32011

BUGTRAQ - 20081031 phpWebSite links.php Sql Injection


Last Updated: 27 May 2016 10:49:08