Описание
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-3845
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44669
- https://www.exploit-db.com/exploits/6307
- http://secunia.com/advisories/31573
- http://security.craftysyntax.com/updates/?v=2.14.6
- http://securityreason.com/securityalert/4192
- http://sourceforge.net/project/shownotes.php?release_id=620878
- http://www.gulftech.org/?node=research&article_id=00127-08252008
- http://www.securityfocus.com/archive/1/495729/100/0/threaded
- http://www.securityfocus.com/bid/30825
Связанные уязвимости
nvd
больше 17 лет назад
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.