Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6381

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2008-6381
Last Modified 04 Mar 2009 12:00:00
Published 02 Mar 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication SINGLE_INSTANCE

CVE-2008-6381

Summary

SQL injection vulnerability in modules/adresses/viewcat.php in bcoos 1.0.13, and possibly earlier, allows remote authenticated users with Addresses module permissions to execute arbitrary SQL commands via the cid parameter.

Vulnerable Systems

Application

  • Bcoos 1.0.10

  • Bcoos 1.0.11

  • Bcoos 1.0.12

  • Bcoos 1.0.13

  • Bcoos 1.0.9


References

XF - bcoos-viewcat-sql-injection(46973)

BID - 32561

MILW0RM - 7317

SECUNIA - 32870

OSVDB - 50373


Last Updated: 27 May 2016 10:49:10