Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-7091

Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to login.php; (10) id parameter to cvote.php; and (11) commentid parameter to edit.php.

Published

2009-08-26T14:24:17.077

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pligg	pligg_cms	≤ 9.9.0	Yes
Application	pligg	pligg_cms	9.5	Yes
Application	pligg	pligg_cms	9.9.0	Yes

References

http://www.gulftech.org/?node=research&article_id=00120-07312008 Exploit ([email protected])
http://www.osvdb.org/50189 ([email protected])
http://www.osvdb.org/50190 ([email protected])
http://www.osvdb.org/50191 ([email protected])
http://www.osvdb.org/50192 ([email protected])
http://www.osvdb.org/50193 ([email protected])
http://www.osvdb.org/50194 ([email protected])
http://www.osvdb.org/50195 ([email protected])
http://www.osvdb.org/50196 ([email protected])
http://www.osvdb.org/50197 ([email protected])
http://www.osvdb.org/50198 ([email protected])
http://www.securityfocus.com/archive/1/494987/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/30458 Exploit ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/44193 ([email protected])
https://www.exploit-db.com/exploits/6173 ([email protected])
http://www.gulftech.org/?node=research&article_id=00120-07312008 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50189 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50190 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50191 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50192 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50193 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50194 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50195 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50196 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50197 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/50198 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/494987/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/30458 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44193 (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/6173 (af854a3a-2127-422b-91ae-364da2661108)