[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2008-2231

Date: (C)2008-06-05   (M)2017-08-08
 
CVSS Score: 7.5Access Vector: NETWORK
Exploitability Subscore: 10.0Access Complexity: LOW
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











SQL injection vulnerability in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) R_2_5_0_94 and earlier allows remote attackers to execute SQL commands and read table information via the id parameter.

Reference:
SECTRACK-1020206
BID-29548
SECUNIA-30551
SECUNIA-31691
SREASON-3923
DSA-1633
http://marc.info/?l=oss-security&m=121258731028005&w=2
http://marc.info/?l=oss-security&m=121260265427728&w=2
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484499
http://slashcode.cvs.sourceforge.net/slashcode/slash/Slash/Utility/Environment/Environment.pm?r1=1.223&r2=1.225
http://www.slashcode.com/article.pl?sid=08/01/04/1950244&tid=4
http://www.slashcode.com/article.pl?sid=08/01/07/2314232
slash-id-sql-injection(42880)

CWE    1
CWE-89
OVAL    1
oval:org.mitre.oval:def:8143

© 2013 SecPod Technologies