Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6641

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-6641
Last Modified 07 Apr 2009 12:00:00
Published 07 Apr 2009 10:17:17
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-6641

Summary

Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp.

Vulnerable Systems

Application

  • Aspindir Shader Tv


References

XF - shadertv-sid-sql-injection(42261)

BID - 29091

MILW0RM - 5564


Last Updated: 27 May 2016 10:49:16