Summary
Detail | |||
---|---|---|---|
Vendor | Craftysyntax | First view | 2008-08-27 |
Product | Crafty Syntax Live Help | Last view | 2008-08-27 |
Version | 1.3 | Type | Application |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:a:craftysyntax:crafty_syntax_live_help |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
7.5 | 2008-08-27 | CVE-2008-3845 | Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. |
5 | 2008-08-27 | CVE-2008-3840 | Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
50% (1) | CWE-255 | Credentials Management |
50% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
47838 | Crafty Syntax Live Help Cleartext Passwords Database Information Disclosure |
47782 | Crafty Syntax Live Help is_flush.php department Parameter SQL Injection |
47781 | Crafty Syntax Live Help is_xmlhttp.php department Parameter SQL Injection |