Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6614

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6614
Last Modified 01 Oct 2009 01:18:18
Published 06 Apr 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6614

Summary

Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).

Vulnerable Systems

Application

  • Impliedbydesign Ibd Micro Cms 3.5


References

XF - microcms-microcmsadmin-sql-injection(53272)

XF - ibdmicrocms-microcmsadmin-sql-injection(42539)

MISC - http://www.securityfocus.com/bid/29159/exploit

BID - 29159

MILW0RM - 9699

MISC - http://wired-security.net/texts/advisories/IBD_Micro_CMS_3.5_SQL_Injection_Login_Bypass_Advisory.txt

OSVDB - 51298

FULLDISC - 20080512 [SkyOut/Wired Security] SQL Injection in IDB Micro CMS 3.5 (Login Bypass)


Last Updated: 27 May 2016 10:49:16