CVE-2008-0943

Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3) ClassList.asp.

Published: Feb 25, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0943
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
aeries / aeries_student_information_system	3.7.2.2	3.7.2.2.x
aeries / aeries_student_information_system	3.8.2.8	3.8.2.8.x

http://secunia.com/advisories/29053
http://securityreason.com/securityalert/3696
http://www.securityfocus.com/archive/1/488428/100/0/threaded
http://www.securityfocus.com/bid/27924
https://exchange.xforce.ibmcloud.com/vulnerabilities/40757

Vulnerability Database

CVE-2008-0943