Lumension® Endpoint Intelligence Center



Vulnerability Score: 7.5
CVE Id: CVE-2008-7210
Last Modified: 14 Sep 2009 12:00:00
Published: 11 Sep 2009 12:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



directory.php in AJchat 0.10 allows remote attackers to bypass input validation and conduct SQL injection attacks via a numeric parameter with a value matching the s parameter's hash value, which prevents the associated $_GET["s"] variable from being unset. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in AJChat.

Vulnerable Systems


  • Ming Han Ajchat 0.10


XF - ajchat-directory-sql-injection(39600)

BID - 27241

MILW0RM - 4890

Last Updated: 27 May 2016 10:49:30