CVE

Id
36115  
CVE No.
CVE-2008-5998  
Status
Candidate  
Description
Multiple SQL injection vulnerabilities in the ajax_checklist_save function in the Ajax Checklist module 5.x before 5.x-1.1 for Drupal allow remote authenticated users, with "update ajax checklists" permissions, to execute arbitrary SQL commands via a save operation, related to the (1) nid, (2) qid, and (3) state parameters.  
Phase
Assigned (20090128)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
396130 36115 CVE-2008-5998 BUGTRAQ:20080924 Drupal Ajax Checklist Module SQL Injection Vulnerability  View
396131 36115 CVE-2008-5998 URL:http://www.securityfocus.com/archive/1/archive/1/496727/100/0/threaded  View
396132 36115 CVE-2008-5998 CONFIRM:http://drupal.org/node/312968  View
396133 36115 CVE-2008-5998 BID:31384  View
396134 36115 CVE-2008-5998 URL:http://www.securityfocus.com/bid/31384  View
396135 36115 CVE-2008-5998 SECUNIA:32009  View
396136 36115 CVE-2008-5998 URL:http://secunia.com/advisories/32009  View
396137 36115 CVE-2008-5998 XF:ajaxchecklist-save-sql-injection(45410)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
44336 JVNDB-2009-005343 web-cp の sendfile.php における絶対パストラバーサルの脆弱性 web-cp の sendfile.php には、register_globals が有効になっている際、絶対パストラバーサルの脆弱性が存在します。 CVE-2008-6002 36115 7.1 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005343.html  View