CVE-2008-3034
published 2008-07-07CVE-2008-3034: Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to…
PriorityP342high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.97%
57.4th percentile
Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rss_aggregator | rss_aggregator | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
RSS-aggregator 1.0 - 'IdFlux' SQL Injection
exploitdb·2008-06-30
CVE-2008-3034 RSS-aggregator 1.0 - 'IdFlux' SQL Injection
RSS-aggregator 1.0 - 'IdFlux' SQL Injection
---
source: https://www.securityfocus.com/bid/30016/info
RSS-aggregator is prone to multiple SQL-injection and authentication-bypass vulnerabilities.
A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, and gain administrative access to the affected application.
RSS-aggregator 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/admin/fonctions/supprimer_flux.php?IdFlux=[SQL injection]
Exploit-DB
RSS-aggregator 1.0 - 'IdTag' SQL Injection
exploitdb·2008-06-30
CVE-2008-3034 RSS-aggregator 1.0 - 'IdTag' SQL Injection
RSS-aggregator 1.0 - 'IdTag' SQL Injection
---
source: https://www.securityfocus.com/bid/30016/info
RSS-aggregator is prone to multiple SQL-injection and authentication-bypass vulnerabilities.
A successful exploit could allow an attacker to compromise the application, access or modify data, exploit vulnerabilities in the underlying database, and gain administrative access to the affected application.
RSS-aggregator 1.0 is vulnerable; other versions may also be affected.
http://www.example.com/admin/fonctions/supprimer_tag.php?IdTag=[SQL injection]
No writeups or analysis indexed.
http://securityreason.com/securityalert/3975http://www.securityfocus.com/archive/1/493783/100/0/threadedhttp://www.securityfocus.com/bid/30016https://exchange.xforce.ibmcloud.com/vulnerabilities/43507http://securityreason.com/securityalert/3975http://www.securityfocus.com/archive/1/493783/100/0/threadedhttp://www.securityfocus.com/bid/30016https://exchange.xforce.ibmcloud.com/vulnerabilities/43507
2008-07-07
Published