Vulnerability Description
Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Doitlive | Cms | <= 2.50 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30705Vendor Advisory
- http://www.bugreport.ir/?/43Exploit
- http://www.securityfocus.com/bid/29789Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43163
- https://www.exploit-db.com/exploits/5849
- http://secunia.com/advisories/30705Vendor Advisory
- http://www.bugreport.ir/?/43Exploit
- http://www.securityfocus.com/bid/29789Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43161
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43163
- https://www.exploit-db.com/exploits/5849
FAQ
What is CVE-2008-2843?
CVE-2008-2843 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) L...
How severe is CVE-2008-2843?
CVE-2008-2843 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-2843?
Check the references section above for vendor advisories and patch information. Affected products include: Doitlive Cms.