PT-2009-1699 · Mole · Mole Group Airline Ticket Sale Script

Cyb3R-1St

Publicado

2009-02-20

Atualizado

2024-08-07

CVE-2008-6225

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Mole Group Airline Ticket Sale Script (affected versions not specified)

Description: A SQL injection issue in the info.php file of the Mole Group Airline Ticket Sale Script allows remote attackers to execute arbitrary SQL commands via the flight parameter. The vendor has disputed this issue.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2008-6225

Produtos afetados

Mole Group Airline Ticket Sale Script

PT-2009-1699 · Mole · Mole Group Airline Ticket Sale Script

CVE-2008-6225

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8