CVE-2008-1992
Published 2008-04-27
Priority P3 · 44 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.97% (85.5th percentile)
Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| acidcat | acidcat_cms | — | — |
No detection rules found.
Exploit-DB
Easysitenetwork Jokes Complete Website - 'joke.php' SQL Injection
exploitdb·2008-12-18
CVE-2008-6880 Easysitenetwork Jokes Complete Website - 'joke.php' SQL Injection
---
source: https://www.securityfocus.com/bid/32908/info
EasySiteNetwork Jokes Complete Website is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/joke.php?id=-1992+union+select+1,concat(login,0x3a,password),3,4,5,6,7,8+from+admin_login--
Exploit-DB
Acidcat CMS 3.4.1 - Multiple Vulnerabilities
exploitdb·2008-04-20
CVE-2008-1993 Acidcat CMS 3.4.1 - Multiple Vulnerabilities
---
########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: Acidcat CMS Multiple Vulnerabilities.
# Vendor: www.acidcat.com
# Vulnerable Version: 3.4.1
# Exploit: Available
# Impact: High
# Fix: N/A
# Original Advisory: http://bugreport.ir/index.php?/36
###################################################################################
####################
1. Description:
####################
Acidcat CMS is a web site and simple Content Management System that can be administered via a web browser.
####################
2. Vulnerability:
####################
2.1. There is a SQL Injection in "default.asp". By using it, attacker can gain usernames and encrypted password
No writeups or analysis indexed.
http://bugreport.ir/index.php?/36
http://secunia.com/advisories/29916
http://securityreason.com/securityalert/3842
http://www.securityfocus.com/archive/1/491129/100/0/threaded
http://www.securityfocus.com/bid/28868
https://exchange.xforce.ibmcloud.com/vulnerabilities/41921
https://www.exploit-db.com/exploits/5478
Published: 2008-04-27