CVE Vulnerability

CVE-2008-1726

Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

6.8 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/28713 Exploit
http://www.securityfocus.com/bid/28716 Exploit
http://secunia.com/advisories/29716 Vendor Advisory
http://www.osvdb.org/44254
http://www.osvdb.org/44255
http://www.osvdb.org/44256
https://exchange.xforce.ibmcloud.com/vulnerabilities/41746
https://www.exploit-db.com/exploits/5421
Configurations

Configuration 1

cpe:2.3:a:myknowledgequest:knowledgequest:2.6:*:*:*:*:*:*:*
Information

Published : 2008-04-11 07:05

Updated : 2017-09-29 01:30

NVD link : CVE-2008-1726

Mitre link : CVE-2008-1726

Products Affected
No products.
CWE
CWE-89