CVE Vulnerability

CVE-2008-6236

SQL injection vulnerability in login.php in Simple Document Management System (SDMS) 1.1.5 and 1.1.4, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://secunia.com/advisories/32502 Vendor Advisory
http://www.securityfocus.com/bid/32114 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/48944
https://exchange.xforce.ibmcloud.com/vulnerabilities/46342
Configurations

Configuration 1

cpe:2.3:a:cafuego:simple_document_management_system:1.1.5:*:*:*:*:*:*:*
cpe:2.3:a:cafuego:simple_document_management_system:1.1.4:*:*:*:*:*:*:*
Information

Published : 2009-02-21 11:30

Updated : 2017-08-17 01:29

NVD link : CVE-2008-6236

Mitre link : CVE-2008-6236

Products Affected
No products.
CWE
CWE-89