Описание
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-6509
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46487
- https://www.exploit-db.com/exploits/7075
- http://osvdb.org/51912
- http://secunia.com/advisories/32478
- http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
- http://www.andreas-kurtz.de/archives/63
- http://www.igniterealtime.org/issues/browse/JM-1488
- http://www.securityfocus.com/archive/1/498162/100/0/threaded
- http://www.securityfocus.com/bid/32189
- http://www.vupen.com/english/advisories/2008/3061
Связанные уязвимости
nvd
почти 17 лет назад
SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.