RSS   Vulnerabilities for 'Crafty syntax live help'   RSS

2008-08-27
 
CVE-2008-3845

CWE-89
 

 
Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

 
 
CVE-2008-3840

CWE-255
 

 
Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information.

 

 >>> Vendor: Craftysyntax 2 Products
Crafty syntax live help
Crafty syntax


Copyright 2022, cxsecurity.com

 

Back to Top