Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6282

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-6282
Last Modified 07 Mar 2011 10:16:04
Published 25 Feb 2009 06:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6282

Summary

SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.

Vulnerable Systems

Application

  • Ortus.nirn Cms Ortus 1.10.1

  • Ortus.nirn Cms Ortus 1.11

  • Ortus.nirn Cms Ortus 1.12

  • Ortus.nirn Cms Ortus 1.13


References

CONFIRM - http://ortus.nirn.ru/index.php?ortupg=16

XF - cmsortus-index-sql-injection(46886)

VUPEN - ADV-2008-3272

BID - 32486

MILW0RM - 7237

SECUNIA - 32899

OSVDB - 50312

XF - cmsortus-city-sql-injection(46886)


Last Updated: 27 May 2016 10:49:59