CVE-2008-3556
published 2008-08-08
CVE-2008-3556: Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1)…
Priority P341 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.97% (57.3th percentile)
Multiple SQL injection vulnerabilities in index.php in Battle.net Clan Script 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) showmember parameter in a members action and the (2) thread parameter in a board action. NOTE: vector 1 might be the same as CVE-2008-2522.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| haudenschilt | battlenet_clan_script | — | — |
CVSS provenance
nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat · 1.9 LOW
GHSA
GHSA-p3rh-c6ff-9m2g: Multiple SQL injection vulnerabilities in index
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2008-3556 [MEDIUM] CWE-89 GHSA-p3rh-c6ff-9m2g: Multiple SQL injection vulnerabilities in index
Red Hat
kernel: qla2xxx NPIV vport management pseudofiles are world writable
vendor_redhat·2010-01-19·CVSS 1.9
CVE-2009-3556 [LOW] CWE-732 kernel: qla2xxx NPIV vport management pseudofiles are world writable
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit d025c9db that introduced the problem.
This upstream commit was backported in Red Hat Enterprise Linux 5 via RHBA-2008:0314 update. Issue was add
No detection rules found.
No writeups or analysis indexed.
http://securityreason.com/securityalert/4119
http://www.securityfocus.com/archive/1/495167/100/0/threaded
http://www.securityfocus.com/bid/30565
https://exchange.xforce.ibmcloud.com/vulnerabilities/44262
Published: 2008-08-08