Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6438

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6438
Last Modified 19 Aug 2009 01:23:49
Published 06 Mar 2009 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6438

Summary

SQL injection vulnerability in macgurublog_menu/macgurublog.php in the MacGuru BLOG Engine plugin 2.2 for e107 allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2008-2455. NOTE: it was later reported that 2.1.4 is also affected.

Vulnerable Systems

Application

  • E107coders Macguru Blog Engine Plugin 2.2


References

XF - blogengine-macgurublog-sql-injection(42715)

VUPEN - ADV-2008-2468

BID - 29344

BUGTRAQ - 20080523 e107 Plugin BLOG Engine v2.2 (macgurublog.php/uid) Blind SQL Injection Vulnerability

MILW0RM - 6856

MILW0RM - 6346

MILW0RM - 5666

SECUNIA - 30212

OSVDB - 51408


Last Updated: 27 May 2016 10:49:12