PT-2008-4510 · Xpoze · Xpoze Pro

Farenh3It

Published

2008-07-09

Updated

2017-09-29

CVE-2008-3089

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Xpoze Pro version 3.06

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the uid parameter in the user.html file.

Recommendations: For Xpoze Pro version 3.06, avoid using the uid parameter in the user.html file until the issue is resolved. As a temporary workaround, consider restricting access to the user.html file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2008-3089

Affected Products

Xpoze Pro

PT-2008-4510 · Xpoze · Xpoze Pro

CVE-2008-3089

Weakness Enumeration

Related Identifiers

Affected Products

References · 5