CVE-2008-3845

N/A Unknown

Published: August 27, 2008 Modified: April 23, 2026

Description

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/31573

Source: cve@mitre.org

Vendor Advisory

http://security.craftysyntax.com/updates/?v=2.14.6

Source: cve@mitre.org

Patch

http://securityreason.com/securityalert/4192

Source: cve@mitre.org

http://sourceforge.net/project/shownotes.php?release_id=620878

Source: cve@mitre.org

http://www.gulftech.org/?node=research&article_id=00127-08252008

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/495729/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/30825

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/44669

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6307

Source: cve@mitre.org

http://secunia.com/advisories/31573