Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7085

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2008-7085
Last Modified 26 Aug 2009 12:00:00
Published 26 Aug 2009 10:24:16
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7085

Summary

Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.

Vulnerable Systems

Application

  • Thehockeystop Hockeystats Online 2.0


References

XF - hockeystats-online-index-sql-injection(43852)

BID - 30248

MILW0RM - 6084


Last Updated: 27 May 2016 10:49:28