Vulnerability Description
Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.
CVSS Score
6.0
MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cezannesw | Cezanne | 7 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3830
- http://www.s21sec.com/avisos/s21sec-43-en.txt
- http://www.securityfocus.com/archive/1/490843/100/0/threaded
- http://www.securityfocus.com/bid/28773Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41816
- http://securityreason.com/securityalert/3830
- http://www.s21sec.com/avisos/s21sec-43-en.txt
- http://www.securityfocus.com/archive/1/490843/100/0/threaded
- http://www.securityfocus.com/bid/28773Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41816
FAQ
What is CVE-2008-1968?
CVE-2008-1968 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer....
How severe is CVE-2008-1968?
CVE-2008-1968 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1968?
Check the references section above for vendor advisories and patch information. Affected products include: Cezannesw Cezanne.