CVE Vulnerability

CVE-2008-7049

Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/32385 Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/46748
https://www.exploit-db.com/exploits/7175
https://www.exploit-db.com/exploits/7172
Configurations

Configuration 1

cpe:2.3:a:natterchat:natterchat:1.12:*:*:*:*:*:*:*
cpe:2.3:a:natterchat:natterchat:1.1:*:*:*:*:*:*:*
Information

Published : 2009-08-24 10:30

Updated : 2017-09-29 01:33

NVD link : CVE-2008-7049

Mitre link : CVE-2008-7049

Products Affected

Natterchat

CWE
CWE-89