CVE-2008-4364

SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.
Configurations

Configuration 1 (hide)

cpe:2.3:a:parsagostar:parsaweb_cms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-09-30 23:24

Updated : 2018-10-11 20:51


NVD link : CVE-2008-4364

Mitre link : CVE-2008-4364

CVE.ORG link : CVE-2008-4364


JSON object : View

Products Affected

parsagostar

  • parsaweb_cms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')