Vulnerability Description
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Badongo | Campus Bulletin Board | 3.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/492586/100/0/threaded
- http://www.securityfocus.com/bid/29375Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42660
- http://www.securityfocus.com/archive/1/492586/100/0/threaded
- http://www.securityfocus.com/bid/29375Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42660
FAQ
What is CVE-2008-2492?
CVE-2008-2492 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to ...
How severe is CVE-2008-2492?
CVE-2008-2492 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2492?
Check the references section above for vendor advisories and patch information. Affected products include: Badongo Campus Bulletin Board.