Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-2286

CWE-89SQL Injection4 documents4 sources
Severity
7.5HIGH
EPSS
39.7%
top 2.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Altiris Deployment Solution
Timeline
PublishedMay 18
Latest updateMay 1

Description

SQL injection vulnerability in axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 allows remote attackers to execute arbitrary SQL commands via unspecified string fields in a notification packet.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.symantec.comPatch: www.symantec.com

🔴Vulnerability Details

2
GHSA
GHSA-q325-2q6c-cgg6: SQL injection vulnerability in axengine2022-05-01
CVEList
CVE-2008-2286: SQL injection vulnerability in axengine2008-05-18

💥Exploits & PoCs

1
Exploit-DB
Symantec Altiris DS - SQL Injection (Metasploit)2013-11-13
CVE-2008-2286 (HIGH CVSS 7.5) | SQL injection vulnerability in axen | cvebase.io