Vulnerability Description
SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Darko Selesi | Estateagent | 0.1 |
| Joomla | Joomla | All versions |
| Mambo | Mambo | 4.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/27520
- http://www.vupen.com/english/advisories/2008/0362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40060
- https://www.exploit-db.com/exploits/5016
- http://www.securityfocus.com/bid/27520
- http://www.vupen.com/english/advisories/2008/0362
- https://exchange.xforce.ibmcloud.com/vulnerabilities/40060
- https://www.exploit-db.com/exploits/5016
FAQ
What is CVE-2008-0517?
CVE-2008-0517 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the o...
How severe is CVE-2008-0517?
CVE-2008-0517 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0517?
Check the references section above for vendor advisories and patch information. Affected products include: Darko Selesi Estateagent, Joomla Joomla, Mambo Mambo.