Published: 27/08/2008 Updated: 11/10/2018

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and previous versions allow remote malicious users to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
craftysyntax crafty syntax live help 1.0
craftysyntax crafty syntax live help 1.1
craftysyntax crafty syntax live help 2.0
craftysyntax crafty syntax live help 2.1
craftysyntax crafty syntax live help 2.11.0
craftysyntax crafty syntax live help 2.11.1
craftysyntax crafty syntax live help 2.12.1
craftysyntax crafty syntax live help 2.12.2
craftysyntax crafty syntax live help 2.12.9
craftysyntax crafty syntax live help 2.13.0
craftysyntax crafty syntax live help 2.14.5
craftysyntax crafty syntax live help
craftysyntax crafty syntax live help 1.6
craftysyntax crafty syntax live help 1.7
craftysyntax crafty syntax live help 2.10.4
craftysyntax crafty syntax live help 2.10.5
craftysyntax crafty syntax live help 2.11.7
craftysyntax crafty syntax live help 2.12.0
craftysyntax crafty syntax live help 2.12.7
craftysyntax crafty syntax live help 2.12.8
craftysyntax crafty syntax live help 2.14.3
craftysyntax crafty syntax live help 2.14.4
craftysyntax crafty syntax live help 1.4
craftysyntax crafty syntax live help 1.5
craftysyntax crafty syntax live help 2.10.2
craftysyntax crafty syntax live help 2.10.3
craftysyntax crafty syntax live help 2.11.5
craftysyntax crafty syntax live help 2.11.6
craftysyntax crafty syntax live help 2.12.5
craftysyntax crafty syntax live help 2.12.6
craftysyntax crafty syntax live help 2.14.1
craftysyntax crafty syntax live help 2.14.2
craftysyntax crafty syntax live help 1.2
craftysyntax crafty syntax live help 1.3
craftysyntax crafty syntax live help 2.10.0
craftysyntax crafty syntax live help 2.10.1
craftysyntax crafty syntax live help 2.11.2
craftysyntax crafty syntax live help 2.11.3
craftysyntax crafty syntax live help 2.11.4
craftysyntax crafty syntax live help 2.12.3
craftysyntax crafty syntax live help 2.12.4
craftysyntax crafty syntax live help 2.13.1
craftysyntax crafty syntax live help 2.14.0

Crafty Syntax Live Help <= 2146 SQL Injection August 25, 2008 Vendor : Eric Gerdes URL : wwwcraftysyntaxcom Version : Crafty Syntax Live Help <= 2146 Risk : SQL Injection Description: Crafty Syntax Live Help is a full featured, open source, online support system written in php that allows the visitors of a website to int ...

CWE-89 http://www.gulftech.org/?node=research&article_id=00127-08252008 http://security.craftysyntax.com/updates/?v=2.14.6 http://sourceforge.net/project/shownotes.php?release_id=620878 http://www.securityfocus.com/bid/30825 http://secunia.com/advisories/31573 http://securityreason.com/securityalert/4192 https://exchange.xforce.ibmcloud.com/vulnerabilities/44669 https://www.exploit-db.com/exploits/6307 http://www.securityfocus.com/archive/1/495729/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/6307/

CVE-2008-3845

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect