CVE-2008-7091 in Pligginfo

Zusammenfassung

von MITRE

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Reservieren

26.08.2009

Veröffentlichung

26.08.2009

Moderieren

akzeptiert

Eintrag

VDB-49668

CPE

bereit

CWE

CWE-89 (bestätigt)

Exploit

Download

CVSS

7.5 (NVD)

EPSS

0.02098

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider, Agriculture, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-7091
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-7091
CVE Details	https://www.cvedetails.com/cve/CVE-2008-7091/

◂ Zurück Übersicht Weiter ▸

Want to know what is going to be exploited?

We predict KEV entries!