CVE-2008-3845 Information

Description

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

Reference

http://secunia.com/advisories/31573
http://security.craftysyntax.com/updates/?v=2.14.6
http://securityreason.com/securityalert/4192
http://sourceforge.net/project/shownotes.php?release_id=620878
http://www.gulftech.org/?node=research&article_id=00127-08252008
http://www.securityfocus.com/archive/1/495729/100/0/threaded
http://www.securityfocus.com/bid/30825
https://exchange.xforce.ibmcloud.com/vulnerabilities/44669
https://www.exploit-db.com/exploits/6307
