CVE-2008-7075

Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.

🔗 References (22)

• cve@mitrehttp://osvdb.org/50452
• cve@mitrehttp://osvdb.org/50453
• cve@mitrehttp://osvdb.org/50454
• cve@mitrehttp://osvdb.org/50455
• cve@mitrehttp://osvdb.org/50456
• cve@mitrehttp://secunia.com/advisories/32887
• cve@mitrehttp://www.securityfocus.com/bid/32489
• cve@mitrehttp://www.vupen.com/english/advisories/2008/3269
• cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/46981
• cve@mitrehttps://www.exploit-db.com/exploits/7240
• cve@mitrehttps://www.exploit-db.com/exploits/7243
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50452
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50453
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50454
• af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/50455