Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6366

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6366
Last Modified 03 Mar 2009 12:00:00
Published 02 Mar 2009 11:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6366

Summary

SQL injection vulnerability in logon.jsp in Ad Server Solutions Affiliate Software Java 4.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, possibly related to the uname and pass parameters to logon_process.jsp. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Adserversolutions Affiliate Software Java 4.0


References

XF - affiliatesoftware-logon-sql-injection(47280)

BID - 32791

MILW0RM - 7423

SECUNIA - 33072

MISC - http://packetstorm.linuxsecurity.com/0812-exploits/affiliatesj-sql.txt


Last Updated: 27 May 2016 10:49:10