This CPE summary could be partial or incomplete. Please contact us for a detailed listing.
Summary
| Detail | |||
|---|---|---|---|
| Vendor | Craftysyntax | First view | 2008-08-27 |
| Product | Crafty Syntax Live Help | Last view | 2008-08-27 |
| Version | 1.3 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:craftysyntax:crafty_syntax_live_help | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.5 | 2008-08-27 | CVE-2008-3845 | Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. |
| 5 | 2008-08-27 | CVE-2008-3840 | Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-255 | Credentials Management |
| 50% (1) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 47838 | Crafty Syntax Live Help Cleartext Passwords Database Information Disclosure |
| 47782 | Crafty Syntax Live Help is_flush.php department Parameter SQL Injection |
| 47781 | Crafty Syntax Live Help is_xmlhttp.php department Parameter SQL Injection |
