CyberSec.Space Logo
Back to CVE Browser

CVE-2008-6509

HIGH
7.5
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile23.35th
PublishedMar 23, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.

Affected Platforms (CPE)

πŸ“¦
Igniterealtime

Openfire

<= 3.6.0a
πŸ“¦
Igniterealtime

Openfire

= 2.6.0
πŸ“¦
Igniterealtime

Openfire

= 2.6.1
πŸ“¦
Igniterealtime

Openfire

= 2.6.2
πŸ“¦
Igniterealtime

Openfire

= 3.0.0
πŸ“¦
Igniterealtime

Openfire

= 3.0.1
πŸ“¦
Igniterealtime

Openfire

= 3.1.0
πŸ“¦
Igniterealtime

Openfire

= 3.1.1
πŸ“¦
Igniterealtime

Openfire

= 3.2.0
πŸ“¦
Igniterealtime

Openfire

= 3.2.1
πŸ“¦
Igniterealtime

Openfire

= 3.2.2
πŸ“¦
Igniterealtime

Openfire

= 3.2.3
πŸ“¦
Igniterealtime

Openfire

= 3.2.4
πŸ“¦
Igniterealtime

Openfire

= 3.3.0
πŸ“¦
Igniterealtime

Openfire

= 3.3.2
πŸ“¦
Igniterealtime

Openfire

= 3.3.3
πŸ“¦
Igniterealtime

Openfire

= 3.4.0
πŸ“¦
Igniterealtime

Openfire

= 3.4.1
πŸ“¦
Igniterealtime

Openfire

= 3.4.3
πŸ“¦
Igniterealtime

Openfire

= 3.4.4
πŸ“¦
Igniterealtime

Openfire

= 3.4.5
πŸ“¦
Igniterealtime

Openfire

= 3.5.0
πŸ“¦
Igniterealtime

Openfire

= 3.5.1
πŸ“¦
Igniterealtime

Openfire

= 3.5.2
πŸ“¦
Igniterealtime

Openfire

= 3.6.0

References & Advisories

πŸ”— http://osvdb.org/51912
πŸ”— http://secunia.com/advisories/32478
πŸ”— http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
πŸ”— http://www.andreas-kurtz.de/archives/63
πŸ”— http://www.igniterealtime.org/issues/browse/JM-1488
πŸ”— http://www.securityfocus.com/archive/1/498162/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/32189
πŸ”— http://www.vupen.com/english/advisories/2008/3061

Related Vulnerabilities

CVE-2019-183949.8

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attacke...

CVE-2017-28158.1

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web requ...

CVE-2014-27417.8

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML...

CVE-2007-29757.5

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in ...