NVD

Id
821  
Name
CVE-2008-0850  
Description
Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to whoisonline.php, (2) tracking_list_coaches_column parameter to main/mySpace/index.php, (3) tutor_name parameter to main/create_course/add_course.php, the (4) Referer HTTP header to index.php, and the (5) X-Fowarded-For HTTP header to main/admin/class_list.php.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-03  
Published
2008-02-20  
Modified Date
2011-03-07  
Seq
2008-0850  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
5029 821 CVE-2008-0850 http://projects.dokeos.com/index.php?do=details&task_id=2218  View
5030 821 CVE-2008-0850 3687  View
5031 821 CVE-2008-0850 20080219 [DSECRG-08-015] Multiple Security Vulnerabilities in Dokeos 1.8.4  View
5032 821 CVE-2008-0850 27792  View
5033 821 CVE-2008-0850 1019425  View
5034 821 CVE-2008-0850 ADV-2008-0587  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
46730 JVNDB-2008-002040 Dokeos における複数の SQL インジェクションの脆弱性 Dokeos には複数の SQL インジェクションの脆弱性が存在します。 CVE-2008-0850 30963 CVE-2008-0850 821 7.5 http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-002040.html 2008-02-21 2008-12-19 View