CVE-2008-7091
Summary
| CVE | CVE-2008-7091 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-08-26 14:24:00 UTC |
| Updated | 2018-10-11 20:58:00 UTC |
| Description | Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php. |
Risk And Classification
Problem Types: CWE-89
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| 50197 | OSVDB | www.osvdb.org | |
| Contact Support | MISC | www.gulftech.org | Exploit |
| 50190 | OSVDB | www.osvdb.org | |
| 50195 | OSVDB | www.osvdb.org | |
| 50192 | OSVDB | www.osvdb.org | |
| 50191 | OSVDB | www.osvdb.org | |
| Pligg <= 9.9.0 (XSS/LFI/SQL) Multiple Remote Vulnerabilities | EXPLOIT-DB | www.exploit-db.com | |
| Pligg Multiple Remote Vulnerabilities | BID | www.securityfocus.com | Exploit |
| 50196 | OSVDB | www.osvdb.org | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| 50198 | OSVDB | www.osvdb.org | |
| 50189 | OSVDB | www.osvdb.org | |
| 50193 | OSVDB | www.osvdb.org | |
| 50194 | OSVDB | www.osvdb.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.