Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6632

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6632
Last Modified 07 Apr 2009 12:00:00
Published 07 Apr 2009 10:17:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6632

Summary

SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header ($_SERVER['HTTP_USER_AGENT']).

Vulnerable Systems

Application

  • Mercuryboard 1.0

  • Mercuryboard 1.1

  • Mercuryboard 1.1.1

  • Mercuryboard 1.1.2

  • Mercuryboard 1.1.5


References

XF - mercuryboard-login-sql-injection(42519)

BID - 29280

MILW0RM - 5653


Last Updated: 27 May 2016 10:49:16