Vulnerability Description
SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Parsagostar | Parsaweb Cms | All versions |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/4343
- http://www.bugreport.ir/index_53.htmExploit
- http://www.securityfocus.com/archive/1/496799/100/0/threaded
- http://www.securityfocus.com/bid/31450Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45494
- https://www.exploit-db.com/exploits/6610
- http://securityreason.com/securityalert/4343
- http://www.bugreport.ir/index_53.htmExploit
- http://www.securityfocus.com/archive/1/496799/100/0/threaded
- http://www.securityfocus.com/bid/31450Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45494
- https://www.exploit-db.com/exploits/6610
FAQ
What is CVE-2008-4364?
CVE-2008-4364 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch paramete...
How severe is CVE-2008-4364?
CVE-2008-4364 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4364?
Check the references section above for vendor advisories and patch information. Affected products include: Parsagostar Parsaweb Cms.