ColdGen - coldbookmarks v1.22 Remote 0day SQL Injection vulnerability

vendor:

coldbookmarks

by:

mr_me

CVSS

HIGH

SQL Injection

CWE

Product Name: coldbookmarks

Affected Version From: 1.22

Affected Version To: 1.22

Patch Exists: YES

Related CWE: CVE-2009-4010

CPE: a:coldgen:coldbookmarks:1.22

Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/, https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2009

ColdGen – coldbookmarks v1.22 Remote 0day SQL Injection vulnerability

ColdGen's coldbookmarks v1.22 is vulnerable to a remote SQL injection vulnerability. This vulnerability allows an attacker to inject arbitrary SQL code into the application. This can be exploited to gain access to the database and potentially gain access to sensitive information.

Mitigation:

Upgrade to the latest version of coldbookmarks.

Source

ColdGen – coldbookmarks v1.22 Remote 0day SQL Injection vulnerability

Mitigation:

Exploit-DB raw data: