Vulnerability Description
Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kasseler-Cms | Kasseler Cms | 1.1.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31862
- http://www.securityfocus.com/bid/31170 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45120
- https://www.exploit-db.com/exploits/6460
FAQ
What is CVE-2008-4356?
CVE-2008-4356 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News modu...
How severe is CVE-2008-4356?
CVE-2008-4356 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4356?
Check the references section above for vendor advisories and patch information. Affected products include: Kasseler-Cms Kasseler Cms.