Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6653

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-6653
Last Modified 19 Aug 2009 01:24:13
Published 07 Apr 2009 10:17:18
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-6653

Summary

SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Vulnerable Systems

Application

  • Wh-com Com Webhosting 0.5

  • Wh-com Com Webhosting 0.5.3

  • Wh-com Com Webhosting 0.5.4

  • Wh-com Com Webhosting 0.5.5

  • Wh-com Com Webhosting 0.5.6

  • Wh-com Com Webhosting 1.0

  • Wh-com Com Webhosting 1.0.1

  • Wh-com Com Webhosting 1.1


References

XF - webhosting-catid-sql-injection(42124)

BID - 29000

MILW0RM - 5527

OSVDB - 50423

CONFIRM - http://forum.wh-com.de/index.php?topic=497.0


Last Updated: 27 May 2016 10:49:16