CVE-2008-3563
Last modified
CVE-2008-3563 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.. EPSS estimates a 2.43% chance of exploitation in the next 30 days.
Description
Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the checked array parameter to plog-download.php in an album action and (2) unspecified parameters to plog-remote.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the activate parameter to admin/plog-themes.php, related to theme_dir settings.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Plogger | Plogger | <= 3.0 | — |
| Plogger | Plogger | 1.0 | Beta3 |
| Plogger | Plogger | 2.0 | — |
| Plogger | Plogger | 2.1 | Beta |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-3563?
How severe is CVE-2008-3563?
How do I fix CVE-2008-3563?
Are you affected by CVE-2008-3563?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST