Vulnerability Description
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pligg | Pligg CMS | <= 9.9.0 |
Related Weaknesses (CWE)
References
- http://www.gulftech.org/?node=research&article_id=00120-07312008 (Exploit)
- http://www.osvdb.org/50189
- http://www.osvdb.org/50190
- http://www.osvdb.org/50191
- http://www.osvdb.org/50192
- http://www.osvdb.org/50193
- http://www.osvdb.org/50194
- http://www.osvdb.org/50195
- http://www.osvdb.org/50196
- http://www.osvdb.org/50197
- http://www.osvdb.org/50198
- http://www.securityfocus.com/archive/1/494987/100/0/threaded
- http://www.securityfocus.com/bid/30458 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44193
- https://www.exploit-db.com/exploits/6173
FAQ
What is CVE-2008-7091?
CVE-2008-7091 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/lin...
How severe is CVE-2008-7091?
CVE-2008-7091 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-7091?
Check the references section above for vendor advisories and patch information. Affected products include: Pligg Pligg CMS.