CVE-2008-2446 - OpenCVE

Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a "show moreinfo" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wgcc	Web Group Communication Center

Configuration 1 [-]

cpe:2.3:a:wgcc:web_group_communication_center:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/30235
http://www.securityfocus.com/bid/29188
https://exchange.xforce.ibmcloud.com/vulnerabilities/42385
https://www.exploit-db.com/exploits/5606

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-05-27T14:00:00

Updated: 2024-08-07T08:58:02.311Z

Reserved: 2008-05-27T00:00:00

Link: CVE-2008-2446

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-05-27T14:32:00.000

Modified: 2017-09-29T01:31:10.303

Link: CVE-2008-2446

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a \"show moreinfo\" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "5606", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5606"}, {"name": "29188", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29188"}, {"name": "wgcc-multiple-sql-injection(42385)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42385"}, {"name": "30235", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30235"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2446", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a \"show moreinfo\" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "5606", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5606"}, {"name": "29188", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29188"}, {"name": "wgcc-multiple-sql-injection(42385)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42385"}, {"name": "30235", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30235"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:02.311Z"}, "title": "CVE Program Container", "references": [{"name": "5606", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5606"}, {"name": "29188", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29188"}, {"name": "wgcc-multiple-sql-injection(42385)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42385"}, {"name": "30235", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30235"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2446", "datePublished": "2008-05-27T14:00:00", "dateReserved": "2008-05-27T00:00:00", "dateUpdated": "2024-08-07T08:58:02.311Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wgcc:web_group_communication_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "17174AE9-9CC9-4679-9A66-E9D440BBEE80", "versionEndIncluding": "1.0.3_prerelease1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) userid parameter to (a) profile.php in a \"show moreinfo\" action; the (2) bildid parameter to (b) picturegallery.php in a shownext action; the (3) id parameter to (c) filebase.php in a freigeben action, (d) schedule.php in a del action, and (e) profile.php in an observe action; and the (4) pmid parameter in a delete action and (5) folderid parameter in a showfolder action to (f) message.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SLQ en Web Group Communication Center (WGCC) 1.0.3 PreRelease 1 y versiones anteriores permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) userid de (a) profile.php en una acci\u00f3n \"show moreinfo\"; el par\u00e1metor (2) bildid de (b) picturegallery.php en una acci\u00f3n shownext; el par\u00e1metro (3) id de (c) filebase.php en una acci\u00f3n freigeben, (d) schedule.php en una acci\u00f3n del, y (e) profile.php en una acci\u00f3n observe; y el par\u00e1metro (4) pmid en una acci\u00f3n delete y el par\u00e1metro (5) folderid en una acci\u00f3n showfolder de (f) message.php."}], "id": "CVE-2008-2446", "lastModified": "2017-09-29T01:31:10.303", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-05-27T14:32:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30235"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/29188"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42385"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5606"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}