CVE-2008-6040

Опубликовано: 03 фев. 2009

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php.

Ссылки

http://packetstorm.linuxsecurity.com/0809-exploits/arcadempro-sql.txt
Exploit
http://secunia.com/advisories/31975
Vendor Advisory
http://www.securityfocus.com/bid/31322
http://www.vupen.com/english/advisories/2008/2700
https://secure.agaresmedia.com/forums/viewtopic.php?f=12&t=2032
Patch
Vendor Advisory
http://packetstorm.linuxsecurity.com/0809-exploits/arcadempro-sql.txt
Exploit
http://secunia.com/advisories/31975
Vendor Advisory
http://www.securityfocus.com/bid/31322
http://www.vupen.com/english/advisories/2008/2700
https://secure.agaresmedia.com/forums/viewtopic.php?f=12&t=2032
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:agares_media:arcadem_pro:2.700:*:*:*:*:*:*:*

cpe:2.3:a:agares_media:arcadem_pro:2.707:*:*:*:*:*:*:*

cpe:2.3:a:agares_media:arcadem_pro:2.802:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00465

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-h25x-hm7q-vxm2

github

больше 3 лет назад