ByteOS Network

NVD Vulnerability Details :

CVE-2008-3762

Modified

Source-cve@mitre.org

Published At-21 Aug, 2008 | 17:41

Updated At-11 Oct, 2018 | 20:49

SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP Live Helper 2.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the dep parameter, related to lack of input sanitization in the get function in global.php.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	nvd@nist.gov

Evaluator Solution

Upgrade to Version 2.1.0 - http://www.turnkeywebtools.com/esupport/index.php?_m=news&_a=viewnews&newsid=62

References

Hyperlink	Source	Resource
http://secunia.com/advisories/31521	cve@mitre.org	Vendor Advisory
http://securityreason.com/securityalert/4178	cve@mitre.org	N/A
http://www.gulftech.org/?node=research&article_id=00124-08162008	cve@mitre.org	Exploit
http://www.securityfocus.com/archive/1/495542/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/30729	cve@mitre.org	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/44568	cve@mitre.org	N/A
https://www.exploit-db.com/exploits/6261	cve@mitre.org	N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History