
CVE-2008-7091

Date: (C)2009-08-26   (M)2017-10-04 


Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

CVSS Score: 7.5
Exploit Score: 10.0
Impact Score: 6.4
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL





Reference:
http://www.securityfocus.com/archive/1/archive/1/494987/100/0/threaded
BID-30458
OSVDB-50189
OSVDB-50190
OSVDB-50191
OSVDB-50192
OSVDB-50193
OSVDB-50194
OSVDB-50195
OSVDB-50196
OSVDB-50197
OSVDB-50198
EXPLOIT-DB-6173
http://www.gulftech.org/?node=research&article_id=00120-07312008
pligg-multiple-sql-injection(44193)

CPE (3):
cpe:/a:pligg:pligg_cms:9.9.0
cpe:/a:pligg:pligg_cms:9.5
cpe:/a:pligg:pligg_cms:9.9.0:beta
CWE (1):
CWE-89

© 2013 SecPod Technologies