CVE-2008-1774
published 2008-04-14CVE-2008-1774: SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.4th percentile
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| pligg | pligg_cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rf4w-mwgx-jpv4: SQL injection vulnerability in editlink
ghsa_unreviewed·2022-05-01
CVE-2008-1774 [HIGH] CWE-89 GHSA-rf4w-mwgx-jpv4: SQL injection vulnerability in editlink
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
GHSA
GHSA-m54q-pw67-qrw6: SQL injection vulnerability in story
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-3366 [HIGH] CWE-89 GHSA-m54q-pw67-qrw6: SQL injection vulnerability in story
SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might overlap CVE-2008-1774.
No detection rules found.
Bugzilla
CVE-2008-4298 lighttpd: memory leak http_request_parse() in request.c
bugzilla·2008-09-29·CVSS 5.0
CVE-2008-4298 [MEDIUM] CVE-2008-4298 lighttpd: memory leak http_request_parse() in request.c
CVE-2008-4298 lighttpd: memory leak http_request_parse() in request.c
Memory leak in the http_request_parse function in request.c in
lighttpd before 1.4.20 allows remote attackers to cause a denial of
service (memory consumption) via a large number of requests with
duplicate request headers.
Reference: MLIST:[oss-security] 20080926 CVE Request (lighttpd)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/09/26/5
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=238180
Reference: CONFIRM:http://trac.lighttpd.net/trac/changeset/2305
Reference: CONFIRM:http://trac.lighttpd.net/trac/ticket/1774
Reference: CONFIRM:http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
Discussion:
lighttpd-1.4.20-6.fc9 has been submitted as an update for Fedora 9.
http://admin.fedorapro
Bugzilla
CVE-2008-0252 python-cherrypy directory traversal
bugzilla·2008-02-14·CVSS 7.5
CVE-2008-0252 [HIGH] CVE-2008-0252 python-cherrypy directory traversal
CVE-2008-0252 python-cherrypy directory traversal
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0252 to the following vulnerability:
Directory traversal vulnerability in the _get_file_path function in (1) lib/sessions.py in CherryPy 3.0.x up to 3.0.2, (2) filter/sessionfilter.py in CherryPy 2.1, and (3) filter/sessionfilter.py in CherryPy 2.x allows remote attackers to create or delete arbitrary files, and possibly read and write portions of arbitrary files, via a crafted session id in a cookie.
References:
http://www.securityfocus.com/archive/1/archive/1/487001/100/0/threaded
http://www.cherrypy.org/changeset/1774
http://www.cherrypy.org/changeset/1775
http://www.cherrypy.org/changeset/1776
http://www.cherrypy.org/ticket/744
https://bugs.gentoo.org/show_bug.cgi?
http://www.securityfocus.com/bid/28681http://www.vupen.com/english/advisories/2008/1164/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41709https://www.exploit-db.com/exploits/5406http://www.securityfocus.com/bid/28681http://www.vupen.com/english/advisories/2008/1164/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41709https://www.exploit-db.com/exploits/5406
2008-04-14
Published