7.5
CVE-2008-7091
- EPSS 2.1%
- Veröffentlicht 26.08.2009 14:24:17
- Zuletzt bearbeitet 16.06.2026 23:03:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.1% | 0.793 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.
http://www.gulftech.org/?node=research&article_id=00120-07312008
http://www.securityfocus.com/archive/1/494987/100/0/threaded
http://www.securityfocus.com/bid/30458
https://www.exploit-db.com/exploits/6173
http://www.osvdb.org/50189
http://www.osvdb.org/50190
http://www.osvdb.org/50191
http://www.osvdb.org/50192
http://www.osvdb.org/50193
http://www.osvdb.org/50194
http://www.osvdb.org/50195
http://www.osvdb.org/50196
http://www.osvdb.org/50197
http://www.osvdb.org/50198
https://exchange.xforce.ibmcloud.com/vulnerabilities/44193