CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-6509

HIGH
7.5
CVSS Severity Score
EPSS Score0.0370%
EPSS Percentile23.35th
Published2009年3月23日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire 3.6.0a and earlier allows remote attackers to execute arbitrary SQL commands via the type parameter to sipark-log-summary.jsp.

Affected Platforms (CPE)

📦
Igniterealtime

Openfire

<= 3.6.0a
📦
Igniterealtime

Openfire

= 2.6.0
📦
Igniterealtime

Openfire

= 2.6.1
📦
Igniterealtime

Openfire

= 2.6.2
📦
Igniterealtime

Openfire

= 3.0.0
📦
Igniterealtime

Openfire

= 3.0.1
📦
Igniterealtime

Openfire

= 3.1.0
📦
Igniterealtime

Openfire

= 3.1.1
📦
Igniterealtime

Openfire

= 3.2.0
📦
Igniterealtime

Openfire

= 3.2.1
📦
Igniterealtime

Openfire

= 3.2.2
📦
Igniterealtime

Openfire

= 3.2.3
📦
Igniterealtime

Openfire

= 3.2.4
📦
Igniterealtime

Openfire

= 3.3.0
📦
Igniterealtime

Openfire

= 3.3.2
📦
Igniterealtime

Openfire

= 3.3.3
📦
Igniterealtime

Openfire

= 3.4.0
📦
Igniterealtime

Openfire

= 3.4.1
📦
Igniterealtime

Openfire

= 3.4.3
📦
Igniterealtime

Openfire

= 3.4.4
📦
Igniterealtime

Openfire

= 3.4.5
📦
Igniterealtime

Openfire

= 3.5.0
📦
Igniterealtime

Openfire

= 3.5.1
📦
Igniterealtime

Openfire

= 3.5.2
📦
Igniterealtime

Openfire

= 3.6.0

References & Advisories

🔗 http://osvdb.org/51912
🔗 http://secunia.com/advisories/32478
🔗 http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt
🔗 http://www.andreas-kurtz.de/archives/63
🔗 http://www.igniterealtime.org/issues/browse/JM-1488
🔗 http://www.securityfocus.com/archive/1/498162/100/0/threaded
🔗 http://www.securityfocus.com/bid/32189
🔗 http://www.vupen.com/english/advisories/2008/3061

関連する脆弱性情報

CVE-2019-183949.8

A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attacke...

CVE-2017-28158.1

An exploitable XML entity injection vulnerability exists in OpenFire User Import Export Plugin 2.6.0. A specially crafted web requ...

CVE-2014-27417.8

nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML...

CVE-2007-29757.5

The admin console in Ignite Realtime Openfire 3.3.0 and earlier (formerly Wildfire) does not properly specify a filter mapping in ...