Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6383

Overview

Vulnerability Score 6.0 6.0
CVE Id CVE-2008-6383
Last Modified 14 May 2009 01:33:48
Published 02 Mar 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2008-6383

Summary

SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Systems

Application

  • Drupal Storm 5.x-1.1

  • Drupal Storm 5.x-1.10

  • Drupal Storm 5.x-1.11

  • Drupal Storm 5.x-1.12

  • Drupal Storm 5.x-1.13

  • Drupal Storm 5.x-1.2

  • Drupal Storm 5.x-1.3

  • Drupal Storm 5.x-1.4

  • Drupal Storm 5.x-1.5

  • Drupal Storm 5.x-1.6

  • Drupal Storm 5.x-1.7

  • Drupal Storm 5.x-1.8

  • Drupal Storm 5.x-1.9

  • Drupal Storm 5.x-1.x-dev

  • Drupal Storm 6.x-1.0

  • Drupal Storm 6.x-1.1

  • Drupal Storm 6.x-1.10

  • Drupal Storm 6.x-1.11

  • Drupal Storm 6.x-1.12

  • Drupal Storm 6.x-1.13

  • Drupal Storm 6.x-1.14

  • Drupal Storm 6.x-1.15

  • Drupal Storm 6.x-1.16

  • Drupal Storm 6.x-1.17

  • Drupal Storm 6.x-1.2

  • Drupal Storm 6.x-1.3

  • Drupal Storm 6.x-1.4

  • Drupal Storm 6.x-1.5

  • Drupal Storm 6.x-1.6

  • Drupal Storm 6.x-1.7

  • Drupal Storm 6.x-1.8

  • Drupal Storm 6.x-1.9

  • Drupal Storm 6.x-1.x-dev


References

BID - 32626

CONFIRM - http://drupal.org/node/342246

XF - storm-unspecified-sql-injection(47077)

SECUNIA - 32978


Last Updated: 27 May 2016 10:49:10