CVE-2008-6383

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2008-6383
SQL injection vulnerability in SpeedTech Organization and Resource Manager (Storm) 5.x before 5.x-1.14 and 6.x before 6.x-1.18, a module for Drupal, allows remote authenticated users with storm project access to execute arbitrary SQL commands via unspecified vectors.

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securityfocus.com/bid/32626 Patch
http://drupal.org/node/342246 Patch Vendor Advisory
http://secunia.com/advisories/32978 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/47077
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:drupal:storm:5.x-1.13:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.16:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.15:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.14:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.7:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.8:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.12:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.11:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.8:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.x-dev:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.9:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.13:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.9:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.10:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.4:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.11:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.0:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.10:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.6:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.17:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.3:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.12:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.2:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:6.x-1.1:*:*:*:*:*:*:*
cpe:2.3:a:drupal:storm:5.x-1.5:*:*:*:*:*:*:*
cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
Information

Published : 2009-03-02 11:30

Updated : 2017-08-16 18:29

NVD link : CVE-2008-6383

Mitre link : CVE-2008-6383

JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa
Products Affected

drupal

  • storm
  • drupal