Vulnerability Description
SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/articleblock.php.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Agares Media | Arcadem Pro | 2.700 |
References
- http://packetstorm.linuxsecurity.com/0809-exploits/arcadempro-sql.txt (Exploit)
- http://secunia.com/advisories/31975 (Vendor Advisory)
- http://www.securityfocus.com/bid/31322
- http://www.vupen.com/english/advisories/2008/2700
- https://secure.agaresmedia.com/forums/viewtopic.php?f=12&t=2032 (Patch, Vendor Advisory)
FAQ
What is CVE-2008-6040?
CVE-2008-6040 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in index.php in Arcadem Pro 2.700 through 2.802 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter, probably related to includes/article...
How severe is CVE-2008-6040?
CVE-2008-6040 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-6040?
Check the references section above for vendor advisories and patch information. Affected products include: Agares Media Arcadem Pro.