CVE-2008-1726

Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

Published: Apr 11, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1726
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
myknowledgequest / knowledgequest	2.6	2.6.x

http://secunia.com/advisories/29716
http://www.osvdb.org/44254
http://www.osvdb.org/44255
http://www.osvdb.org/44256
http://www.securityfocus.com/bid/28713
http://www.securityfocus.com/bid/28716
https://exchange.xforce.ibmcloud.com/vulnerabilities/41746
https://www.exploit-db.com/exploits/5421

Vulnerability Database

288,011

CVE-2008-1726