Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2008-7091
Last Modified 26 Aug 2009 12:00:00
Published 26 Aug 2009 10:24:17
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7091

Summary

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

Vulnerable Systems

Application

  • Pligg Cms 9.5

  • Pligg Cms 9.9.0


References

XF - pligg-multiple-sql-injection(44193)

BID - 30458

BUGTRAQ - 20080730 Pligg <= 9.9.0 Multiple Vulnerabilities

OSVDB - 50198

OSVDB - 50197

OSVDB - 50196

OSVDB - 50195

OSVDB - 50194

OSVDB - 50193

OSVDB - 50192

OSVDB - 50191

OSVDB - 50190

OSVDB - 50189

MILW0RM - 6173

MISC - http://www.gulftech.org/?node=research&article_id=00120-07312008


Last Updated: 27 May 2016 10:49:28