Vulnerability Details CVE-2008-5882
SQL injection vulnerability in login.asp in Citrix Application Gateway - Broadcast Server (BCS) before 6.1, as used by Avaya AG250 - Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute arbitrary SQL commands via the txtUID parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/33127
- http://securityreason.com/securityalert/4889
- http://support.citrix.com/article/CTX119315
- http://www.securityfocus.com/archive/1/499559/100/0/threaded
- http://www.securityfocus.com/bid/32832
- http://www.securitytracker.com/id?1021411
- http://secunia.com/advisories/33127
- http://securityreason.com/securityalert/4889
- http://support.citrix.com/article/CTX119315
- http://www.securityfocus.com/archive/1/499559/100/0/threaded
- http://www.securityfocus.com/bid/32832
- http://www.securitytracker.com/id?1021411
Products affected by CVE-2008-5882
-
cpe:2.3:a:avaya:broadcast_server:*
-
cpe:2.3:a:citrix:broadcast_server:6.0
-
cpe:2.3:h:avaya:ag250:2.0
-
cpe:2.3:h:citrix:application_gateway_for_avaya:-