製品・ソフトウェアに関する情報

JVN脆弱性詳細

CSLH における SQL インジェクションの脆弱性

Title	CSLH における SQL インジェクションの脆弱性
Summary	Crafty Syntax Live Help (CSLH) には、SQL インジェクションの脆弱性が存在します。
Possible impacts	第三者により、(1) is_xmlhttp.php への department パラメータおよび (2) is_flush.php.への department パラメータを介して、任意の SQL コマンドを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	Aug. 27, 2008, midnight
Registration Date	June 26, 2012, 4:02 p.m.
Last Update	June 26, 2012, 4:02 p.m.

CVSS2.0 : 危険
Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected System

craftysyntax

crafty syntax live help 2.14.6 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2008-3845	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3845
National Vulnerability Database (NVD)
2	CVE-2008-3845	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3845

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-89	https://jvndb.jvn.jp/ja/cwe/CWE-89.html

ベンダー情報

No	Name	URL
craftysyntax
1	Top Page	http://www.craftysyntax.com/

Change Log

No	Changed Details	Date of change
0	[2012年06月26日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2008-3845

Summary	Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.
Publication Date	Aug. 28, 2008, 8:41 a.m.
Registration Date	Jan. 29, 2021, 1:41 p.m.
Last Update	Oct. 12, 2018, 5:49 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.6:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.7:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.6:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.7:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.6:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.7:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.8:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.9:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.13.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.13.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help::::::::		2.14.6

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/31573	SECUNIA	Vendor Advisory
2	http://security.craftysyntax.com/updates/?v=2.14.6	CONFIRM	Patch
3	http://securityreason.com/securityalert/4192	SREASON
4	http://sourceforge.net/project/shownotes.php?release_id=620878	CONFIRM
5	http://www.gulftech.org/?node=research&article_id=00127-08252008	MISC	Exploit
6	http://www.securityfocus.com/archive/1/495729/100/0/threaded	BUGTRAQ
7	http://www.securityfocus.com/bid/30825	BID	Exploit
8	https://exchange.xforce.ibmcloud.com/vulnerabilities/44669	XF
9	https://www.exploit-db.com/exploits/6307	EXPLOIT-DB

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.6:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:1.7:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.10.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.6:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.11.7:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.6:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.7:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.8:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.12.9:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.13.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.13.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.0:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.1:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.2:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.3:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.4:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help:2.14.5:::::::*
cpe:2.3:a:craftysyntax:crafty_syntax_live_help::::::::		2.14.6