NVD

Id
6828  
Name
CVE-2008-7097  
Description
Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow remote attackers to execute arbitrary SQL commands via (1) the $id variable in admin/includes/dele_cpac.php, (2) $ord[order_id] variable in payments/payment_received.php, (3) $id variable in includes/functions.php, and (4) unspecified variables in modules/chat.php, as demonstrated via the (a) show parameter in an online action to index.php; (b) PATH_INTO to the room/ handler; (c) image and (d) id parameters in a vote action to index.php; (e) PATH_INFO to the blog/ handler; and (f) id parameter in a blog_edit action to index.php.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2009-08-27  
Modified Date
2010-06-28  
Seq
2008-7097  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
38887 6828 CVE-2008-7097 6312  View
38888 6828 CVE-2008-7097 30842  View
38889 6828 CVE-2008-7097 krate-index-sql-injection(44670)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
44679 JVNDB-2009-005686 Qsoft K-Rate Premium における SQL インジェクションの脆弱性 Qsoft K-Rate Premium には、SQL インジェクションの脆弱性が存在します。 CVE-2008-7097 37210 CVE-2008-7097 6828 7.5 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-005686.html 2009-08-27 2012-12-20 View