Vulnerabilities > Craftysyntax > Crafty Syntax Live Help > 2.10.5
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-08-27 | CVE-2008-3845 | SQL Injection vulnerability in Craftysyntax Crafty Syntax Live Help Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php. | 7.5 |
2008-08-27 | CVE-2008-3840 | Credentials Management vulnerability in Craftysyntax Crafty Syntax Live Help Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. | 5.0 |