Vulnerability Description
Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in a viewuser action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dotproject | Dotproject | 2.1.2 |
Related Weaknesses (CWE)
References
- http://packetstorm.linuxsecurity.com/0808-exploits/dotproject-sqlxss.txt (Exploit)
- http://secunia.com/advisories/31681 (Vendor Advisory)
- http://www.securityfocus.com/bid/30924
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44771
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44772
FAQ
What is CVE-2008-3887?
CVE-2008-3887 is a vulnerability with a CVSS score of 6.0 (MEDIUM). Multiple SQL injection vulnerabilities in index.php in dotProject 2.1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the tab parameter in a projects action, and (2) remot...
How severe is CVE-2008-3887?
CVE-2008-3887 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3887?
Check the references section above for vendor advisories and patch information. Affected products include: Dotproject Dotproject.