CVE

Id
30966  
CVE No.
CVE-2008-0849  
Status
Candidate  
Description
SQL injection vulnerability in index.php in the Downloads (com_downloads) component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in a selectcat function, a different vector than CVE-2008-0652.  
Phase
Assigned (20080220)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
329683 30966 CVE-2008-0849 BUGTRAQ:20080216 joomla SQL Injection (cat)(com_downloads)  View
329684 30966 CVE-2008-0849 URL:http://www.securityfocus.com/archive/1/archive/1/488291/100/0/threaded  View
329685 30966 CVE-2008-0849 BID:27860  View
329686 30966 CVE-2008-0849 URL:http://www.securityfocus.com/bid/27860  View
329687 30966 CVE-2008-0849 SREASON:3676  View
329688 30966 CVE-2008-0849 URL:http://securityreason.com/securityalert/3676  View
329689 30966 CVE-2008-0849 XF:downloads-indexphp-sql-injection(40621)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
48819 JVNDB-2008-004129 Joomla! および Mambo 用の com_detail コンポーネントにおける SQL インジェクションの脆弱性 Joomla! および Mambo 用の com_detail コンポーネントには、SQL インジェクションの脆弱性が存在します。 CVE-2008-0853 30966 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-004129.html  View