CVE-2008-7091 Information
Description
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
Reference
http://www.gulftech.org/?node=research&article_id=00120-07312008
http://www.osvdb.org/50189
http://www.osvdb.org/50190
http://www.osvdb.org/50191
http://www.osvdb.org/50192
http://www.osvdb.org/50193
http://www.osvdb.org/50194
http://www.osvdb.org/50195
http://www.osvdb.org/50196
http://www.osvdb.org/50197
http://www.osvdb.org/50198
http://www.securityfocus.com/archive/1/494987/100/0/threaded
http://www.securityfocus.com/bid/30458
https://exchange.xforce.ibmcloud.com/vulnerabilities/44193
https://www.exploit-db.com/exploits/6173