CVE-2008-2816

Properties

Published:
22.06.2008
Updated:
23.06.2008
Patch available:
Severity:
High
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Product:
o2php: oxygen

Vulnerability description

SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin Board) 2.0 allows remote attackers to execute arbitrary SQL commands via the repquote parameter in a reply action, a different vector than CVE-2006-1572.

References:

MILW0RM: http://www.milw0rm.com/exploits/5828
BID: http://www.securityfocus.com/bid/29729
XF: http://xforce.iss.net/xforce/xfdb/43113