Timeline |
| Disclosure Date |
Exploit Publish Date |
| 2008-06-30 |
2008-06-30 |
|
|
Description |
<em style='font-weight:bold;'>(Description Provided by <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3129" target="_blank">CVE</a>)</em> : Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value paramter in the news page and (2) webpage parameter in the webpage_multi_edit form.
|
|
Classification |
Location:
Remote / Network Access
Attack Type:
Information Disclosure,
Input Manipulation
Impact:
Loss of Confidentiality,
Loss of Integrity
Exploit:
Exploit Public
Disclosure:
Uncoordinated Disclosure
OSVDB:
Web Related
|
|
Products |
Unknown or Incomplete
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
|
|
BlogsThis product uses the Daylife API but is not endorsed or certified by Daylife.
|
This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.
None found at this time
|
|
|
