Vulnerability Description
SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xpoze | Xpoze Pro | 3.06 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30926Vendor Advisory
- http://www.securityfocus.com/bid/30101
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43607
- https://www.exploit-db.com/exploits/6010
- http://secunia.com/advisories/30926Vendor Advisory
- http://www.securityfocus.com/bid/30101
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43607
- https://www.exploit-db.com/exploits/6010
FAQ
What is CVE-2008-3089?
CVE-2008-3089 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze Pro CMS 2008) allows remote attackers to execute arbitrary SQL commands via the uid parameter.
How severe is CVE-2008-3089?
CVE-2008-3089 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3089?
Check the references section above for vendor advisories and patch information. Affected products include: Xpoze Xpoze Pro.