CVE-2008-6365

Adserversolutions AD Management Software - SQL Injection

Title source: rule

Description

SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad Management Software Java allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password, related to the uname or pass parameters to logon.jsp or logon_processing.jsp. NOTE: some of these details are obtained from third party information.

Exploits (2)

exploitdb WORKING POC VERIFIED

by R3d-D3V!L · textwebappsasp

https://www.exploit-db.com/exploits/7424

View Code ZIP pw:eip

exploitdb WRITEUP

webappsjsp

https://www.exploit-db.com/exploits/32655

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/33072

[Exploit] http://www.securityfocus.com/bid/32790

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/47282

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7424

Scores

EPSS 0.0043

EPSS Percentile 62.6%

Details

CWE

CWE-89

Status published

Products (1)

adserversolutions/ad_management_software

Published Mar 02, 2009

Tracked Since Feb 18, 2026