vendor:
CafeEngine
by:
0xFFFFFF
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: CafeEngine
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: YES
Related CWE: CVE-2008-4456
CPE: a:cafeengine:cafeengine:1.2
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1289/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2010-0110/, https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2009-1461/, https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/apple-osx-mysql-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2008-4456/, https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2008-4456/
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2008
CafeEngine Multiple Remote SQL Injection
CafeEngine is prone to multiple SQL injection vulnerabilities because it fails to properly sanitize user-supplied data before using it in an SQL query. An attacker can exploit these issues to manipulate SQL queries, disclose sensitive information, modify data, and potentially compromise the application and server.
Mitigation:
Upgrade to the latest version of CafeEngine.