NVD

Id
349  
Name
CVE-2008-0371  
Description
Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to (c) admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-01-22  
Modified Date
2008-09-05  
Seq
2008-0371  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
2301 349 CVE-2008-0371 4922  View
2302 349 CVE-2008-0371 27315  View
2303 349 CVE-2008-0371 alitalk-receivertwo-sql-injection(39733)  View
2304 349 CVE-2008-0371 alitalk-adminindex-sql-injection(39735)  View
2305 349 CVE-2008-0371 alitalk-usercp-sql-injection(39736)  View
2306 349 CVE-2008-0371 alitalk-index-sql-injection(39745)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
47317 JVNDB-2008-002627 aliTalk における SQL インジェクションの脆弱性 aliTalk には、magic_quotes_gpc が無効になっている際、SQL インジェクションの脆弱性が存在します。 CVE-2008-0371 30484 CVE-2008-0371 349 6.8 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002627.html 2008-01-22 2012-06-26 View